Vulnerability from csaf_suse
Published
2025-03-19 12:04
Modified
2025-03-19 12:04
Summary
Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
Description of the patch
This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
Patchnames
SUSE-2025-944,SUSE-2025-948,SUSE-SLE-Module-Live-Patching-15-SP3-2025-944
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)", title: "Title of the patch", }, { category: "description", text: "This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2025-944,SUSE-2025-948,SUSE-SLE-Module-Live-Patching-15-SP3-2025-944", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0944-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0944-1", url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250944-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2025:0944-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020558.html", }, { category: "self", summary: "SUSE Bug 1228017", url: "https://bugzilla.suse.com/1228017", }, { category: "self", summary: "SUSE Bug 1229640", url: "https://bugzilla.suse.com/1229640", }, { category: "self", summary: "SUSE Bug 1231204", url: "https://bugzilla.suse.com/1231204", }, { category: "self", summary: "SUSE Bug 1233679", url: "https://bugzilla.suse.com/1233679", }, { category: "self", summary: "SUSE CVE CVE-2022-48792 page", url: "https://www.suse.com/security/cve/CVE-2022-48792/", }, { category: "self", summary: "SUSE CVE CVE-2022-48911 page", url: "https://www.suse.com/security/cve/CVE-2022-48911/", }, { category: "self", summary: "SUSE CVE CVE-2024-46818 page", url: "https://www.suse.com/security/cve/CVE-2024-46818/", }, { category: "self", summary: "SUSE CVE CVE-2024-50302 page", url: "https://www.suse.com/security/cve/CVE-2024-50302/", }, ], title: "Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)", tracking: { current_release_date: "2025-03-19T12:04:27Z", generator: { date: "2025-03-19T12:04:27Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0944-1", initial_release_date: "2025-03-19T12:04:27Z", revision_history: [ { date: "2025-03-19T12:04:27Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", product: { name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", product_id: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", }, }, { category: "product_version", name: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le", product: { name: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le", product_id: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", product: { name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", product_id: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", }, }, { category: "product_version", name: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x", product: { name: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x", product_id: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", product: { name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", product_id: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", }, }, { category: "product_version", name: "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64", product: { name: "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64", product_id: "kernel-livepatch-5_3_18-150300_59_164-preempt-10-150300.2.1.x86_64", }, }, { category: "product_version", name: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64", product: { name: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64", product_id: "kernel-livepatch-5_3_18-150300_59_167-default-9-150300.2.1.x86_64", }, }, { category: "product_version", name: "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64", product: { name: "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64", product_id: "kernel-livepatch-5_3_18-150300_59_167-preempt-9-150300.2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Live Patching 15 SP3", product: { name: "SUSE Linux Enterprise Live Patching 15 SP3", product_id: "SUSE Linux Enterprise Live Patching 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-live-patching:15:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3", product_id: "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", }, product_reference: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 15 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3", product_id: "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", }, product_reference: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 15 SP3", }, { category: "default_component_of", full_product_name: { name: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3", product_id: "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", }, product_reference: "kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 15 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2022-48792", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48792", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48792", url: "https://www.suse.com/security/cve/CVE-2022-48792", }, { category: "external", summary: "SUSE Bug 1228013 for CVE-2022-48792", url: "https://bugzilla.suse.com/1228013", }, { category: "external", summary: "SUSE Bug 1228017 for CVE-2022-48792", url: "https://bugzilla.suse.com/1228017", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-19T12:04:27Z", details: "moderate", }, ], title: "CVE-2022-48792", }, { cve: "CVE-2022-48911", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48911", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48911", url: "https://www.suse.com/security/cve/CVE-2022-48911", }, { category: "external", summary: "SUSE Bug 1229633 for CVE-2022-48911", url: "https://bugzilla.suse.com/1229633", }, { category: "external", summary: "SUSE Bug 1229640 for CVE-2022-48911", url: "https://bugzilla.suse.com/1229640", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-19T12:04:27Z", details: "moderate", }, ], title: "CVE-2022-48911", }, { cve: "CVE-2024-46818", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46818", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check gpio_id before used as array index\n\n[WHY & HOW]\nGPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore\nshould be checked in advance.\n\nThis fixes 5 OVERRUN issues reported by Coverity.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46818", url: "https://www.suse.com/security/cve/CVE-2024-46818", }, { category: "external", summary: "SUSE Bug 1231203 for CVE-2024-46818", url: "https://bugzilla.suse.com/1231203", }, { category: "external", summary: "SUSE Bug 1231204 for CVE-2024-46818", url: "https://bugzilla.suse.com/1231204", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-19T12:04:27Z", details: "important", }, ], title: "CVE-2024-46818", }, { cve: "CVE-2024-50302", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-50302", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-50302", url: "https://www.suse.com/security/cve/CVE-2024-50302", }, { category: "external", summary: "SUSE Bug 1233491 for CVE-2024-50302", url: "https://bugzilla.suse.com/1233491", }, { category: "external", summary: "SUSE Bug 1233679 for CVE-2024-50302", url: "https://bugzilla.suse.com/1233679", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.ppc64le", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.s390x", "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_164-default-10-150300.2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-03-19T12:04:27Z", details: "important", }, ], title: "CVE-2024-50302", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.