Vulnerability from csaf_suse
Published
2025-03-19 12:13
Modified
2025-03-19 12:13
Summary
Security update for the Linux Kernel

Notes

Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).

The following non-security bugs were fixed:

- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
Patchnames
SUSE-2025-945,SUSE-SLE-Micro-5.3-2025-945,SUSE-SLE-Micro-5.4-2025-945
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for the Linux Kernel",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).\n- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).\n- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).\n- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).\n- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).\n- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).\n\nThe following non-security bugs were fixed:\n\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).\n- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).\n- x86/kvm: fix is_stale_page_fault() (bsc#1236675).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2025-945,SUSE-SLE-Micro-5.3-2025-945,SUSE-SLE-Micro-5.4-2025-945",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0945-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2025:0945-1",
            url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250945-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2025:0945-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020560.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1208995",
            url: "https://bugzilla.suse.com/1208995",
         },
         {
            category: "self",
            summary: "SUSE Bug 1220946",
            url: "https://bugzilla.suse.com/1220946",
         },
         {
            category: "self",
            summary: "SUSE Bug 1224700",
            url: "https://bugzilla.suse.com/1224700",
         },
         {
            category: "self",
            summary: "SUSE Bug 1225742",
            url: "https://bugzilla.suse.com/1225742",
         },
         {
            category: "self",
            summary: "SUSE Bug 1232905",
            url: "https://bugzilla.suse.com/1232905",
         },
         {
            category: "self",
            summary: "SUSE Bug 1232919",
            url: "https://bugzilla.suse.com/1232919",
         },
         {
            category: "self",
            summary: "SUSE Bug 1234154",
            url: "https://bugzilla.suse.com/1234154",
         },
         {
            category: "self",
            summary: "SUSE Bug 1234853",
            url: "https://bugzilla.suse.com/1234853",
         },
         {
            category: "self",
            summary: "SUSE Bug 1234891",
            url: "https://bugzilla.suse.com/1234891",
         },
         {
            category: "self",
            summary: "SUSE Bug 1234963",
            url: "https://bugzilla.suse.com/1234963",
         },
         {
            category: "self",
            summary: "SUSE Bug 1235054",
            url: "https://bugzilla.suse.com/1235054",
         },
         {
            category: "self",
            summary: "SUSE Bug 1235061",
            url: "https://bugzilla.suse.com/1235061",
         },
         {
            category: "self",
            summary: "SUSE Bug 1235073",
            url: "https://bugzilla.suse.com/1235073",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236661",
            url: "https://bugzilla.suse.com/1236661",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236675",
            url: "https://bugzilla.suse.com/1236675",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236677",
            url: "https://bugzilla.suse.com/1236677",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236757",
            url: "https://bugzilla.suse.com/1236757",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236758",
            url: "https://bugzilla.suse.com/1236758",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236760",
            url: "https://bugzilla.suse.com/1236760",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236761",
            url: "https://bugzilla.suse.com/1236761",
         },
         {
            category: "self",
            summary: "SUSE Bug 1237025",
            url: "https://bugzilla.suse.com/1237025",
         },
         {
            category: "self",
            summary: "SUSE Bug 1237028",
            url: "https://bugzilla.suse.com/1237028",
         },
         {
            category: "self",
            summary: "SUSE Bug 1237139",
            url: "https://bugzilla.suse.com/1237139",
         },
         {
            category: "self",
            summary: "SUSE Bug 1237316",
            url: "https://bugzilla.suse.com/1237316",
         },
         {
            category: "self",
            summary: "SUSE Bug 1237693",
            url: "https://bugzilla.suse.com/1237693",
         },
         {
            category: "self",
            summary: "SUSE Bug 1238033",
            url: "https://bugzilla.suse.com/1238033",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-49080 page",
            url: "https://www.suse.com/security/cve/CVE-2022-49080/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-1192 page",
            url: "https://www.suse.com/security/cve/CVE-2023-1192/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-52572 page",
            url: "https://www.suse.com/security/cve/CVE-2023-52572/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-35949 page",
            url: "https://www.suse.com/security/cve/CVE-2024-35949/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-50115 page",
            url: "https://www.suse.com/security/cve/CVE-2024-50115/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-50128 page",
            url: "https://www.suse.com/security/cve/CVE-2024-50128/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-53135 page",
            url: "https://www.suse.com/security/cve/CVE-2024-53135/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-53173 page",
            url: "https://www.suse.com/security/cve/CVE-2024-53173/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-53239 page",
            url: "https://www.suse.com/security/cve/CVE-2024-53239/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-56539 page",
            url: "https://www.suse.com/security/cve/CVE-2024-56539/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-56548 page",
            url: "https://www.suse.com/security/cve/CVE-2024-56548/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-56605 page",
            url: "https://www.suse.com/security/cve/CVE-2024-56605/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-57948 page",
            url: "https://www.suse.com/security/cve/CVE-2024-57948/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2025-21690 page",
            url: "https://www.suse.com/security/cve/CVE-2025-21690/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2025-21692 page",
            url: "https://www.suse.com/security/cve/CVE-2025-21692/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2025-21699 page",
            url: "https://www.suse.com/security/cve/CVE-2025-21699/",
         },
      ],
      title: "Security update for the Linux Kernel",
      tracking: {
         current_release_date: "2025-03-19T12:13:45Z",
         generator: {
            date: "2025-03-19T12:13:45Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2025:0945-1",
         initial_release_date: "2025-03-19T12:13:45Z",
         revision_history: [
            {
               date: "2025-03-19T12:13:45Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "kernel-devel-rt-5.14.21-150400.15.112.1.noarch",
                        product: {
                           name: "kernel-devel-rt-5.14.21-150400.15.112.1.noarch",
                           product_id: "kernel-devel-rt-5.14.21-150400.15.112.1.noarch",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                        product: {
                           name: "kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                           product_id: "kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cluster-md-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "cluster-md-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                           product_id: "cluster-md-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "dlm-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "dlm-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                           product_id: "dlm-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "gfs2-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "gfs2-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                           product_id: "gfs2-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-rt-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-rt-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-rt-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-rt-devel-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-rt-devel-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-rt-devel-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-rt-extra-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-rt-extra-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-rt-extra-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-rt-livepatch-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-rt-livepatch-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-rt-livepatch-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-rt-livepatch-devel-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-rt-livepatch-devel-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-rt-livepatch-devel-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-rt-optional-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-rt-optional-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-rt-optional-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-rt_debug-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-rt_debug-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-rt_debug-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-rt_debug-devel-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-rt_debug-devel-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-rt_debug-devel-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-syms-rt-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kernel-syms-rt-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kernel-syms-rt-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kselftests-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "kselftests-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                           product_id: "kselftests-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "ocfs2-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "ocfs2-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                           product_id: "ocfs2-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "reiserfs-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        product: {
                           name: "reiserfs-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                           product_id: "reiserfs-kmp-rt-5.14.21-150400.15.112.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Micro 5.3",
                        product: {
                           name: "SUSE Linux Enterprise Micro 5.3",
                           product_id: "SUSE Linux Enterprise Micro 5.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-micro:5.3",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Micro 5.4",
                        product: {
                           name: "SUSE Linux Enterprise Micro 5.4",
                           product_id: "SUSE Linux Enterprise Micro 5.4",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-micro:5.4",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-rt-5.14.21-150400.15.112.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
               product_id: "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
            },
            product_reference: "kernel-rt-5.14.21-150400.15.112.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-source-rt-5.14.21-150400.15.112.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
               product_id: "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            },
            product_reference: "kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-rt-5.14.21-150400.15.112.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
               product_id: "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
            },
            product_reference: "kernel-rt-5.14.21-150400.15.112.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-source-rt-5.14.21-150400.15.112.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
               product_id: "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            },
            product_reference: "kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.4",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-49080",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-49080",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix mpol_new leak in shared_policy_replace\n\nIf mpol_new is allocated but not used in restart loop, mpol_new will be\nfreed via mpol_put before returning to the caller.  But refcnt is not\ninitialized yet, so mpol_put could not do the right things and might\nleak the unused mpol_new.  This would happen if mempolicy was updated on\nthe shared shmem file while the sp->lock has been dropped during the\nmemory allocation.\n\nThis issue could be triggered easily with the below code snippet if\nthere are many processes doing the below work at the same time:\n\n  shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);\n  shm = shmat(shmid, 0, 0);\n  loop many times {\n    mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);\n    mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,\n          maxnode, 0);\n  }",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-49080",
               url: "https://www.suse.com/security/cve/CVE-2022-49080",
            },
            {
               category: "external",
               summary: "SUSE Bug 1238033 for CVE-2022-49080",
               url: "https://bugzilla.suse.com/1238033",
            },
            {
               category: "external",
               summary: "SUSE Bug 1238324 for CVE-2022-49080",
               url: "https://bugzilla.suse.com/1238324",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2022-49080",
      },
      {
         cve: "CVE-2023-1192",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-1192",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-1192",
               url: "https://www.suse.com/security/cve/CVE-2023-1192",
            },
            {
               category: "external",
               summary: "SUSE Bug 1208995 for CVE-2023-1192",
               url: "https://bugzilla.suse.com/1208995",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "moderate",
            },
         ],
         title: "CVE-2023-1192",
      },
      {
         cve: "CVE-2023-52572",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-52572",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix UAF in cifs_demultiplex_thread()\n\nThere is a UAF when xfstests on cifs:\n\n  BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160\n  Read of size 4 at addr ffff88810103fc08 by task cifsd/923\n\n  CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45\n  ...\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x34/0x44\n   print_report+0x171/0x472\n   kasan_report+0xad/0x130\n   kasan_check_range+0x145/0x1a0\n   smb2_is_network_name_deleted+0x27/0x160\n   cifs_demultiplex_thread.cold+0x172/0x5a4\n   kthread+0x165/0x1a0\n   ret_from_fork+0x1f/0x30\n   </TASK>\n\n  Allocated by task 923:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   __kasan_slab_alloc+0x54/0x60\n   kmem_cache_alloc+0x147/0x320\n   mempool_alloc+0xe1/0x260\n   cifs_small_buf_get+0x24/0x60\n   allocate_buffers+0xa1/0x1c0\n   cifs_demultiplex_thread+0x199/0x10d0\n   kthread+0x165/0x1a0\n   ret_from_fork+0x1f/0x30\n\n  Freed by task 921:\n   kasan_save_stack+0x1e/0x40\n   kasan_set_track+0x21/0x30\n   kasan_save_free_info+0x2a/0x40\n   ____kasan_slab_free+0x143/0x1b0\n   kmem_cache_free+0xe3/0x4d0\n   cifs_small_buf_release+0x29/0x90\n   SMB2_negotiate+0x8b7/0x1c60\n   smb2_negotiate+0x51/0x70\n   cifs_negotiate_protocol+0xf0/0x160\n   cifs_get_smb_ses+0x5fa/0x13c0\n   mount_get_conns+0x7a/0x750\n   cifs_mount+0x103/0xd00\n   cifs_smb3_do_mount+0x1dd/0xcb0\n   smb3_get_tree+0x1d5/0x300\n   vfs_get_tree+0x41/0xf0\n   path_mount+0x9b3/0xdd0\n   __x64_sys_mount+0x190/0x1d0\n   do_syscall_64+0x35/0x80\n   entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe UAF is because:\n\n mount(pid: 921)               | cifsd(pid: 923)\n-------------------------------|-------------------------------\n                               | cifs_demultiplex_thread\nSMB2_negotiate                 |\n cifs_send_recv                |\n  compound_send_recv           |\n   smb_send_rqst               |\n    
wait_for_response          |\n     wait_event_state      [1] |\n                               |  standard_receive3\n                               |   cifs_handle_standard\n                               |    handle_mid\n                               |     mid->resp_buf = buf;  [2]\n                               |     dequeue_mid           [3]\n     KILL the process      [4] |\n    resp_iov[i].iov_base = buf |\n free_rsp_buf              [5] |\n                               |   is_network_name_deleted [6]\n                               |   callback\n\n1. After send request to server, wait the response until\n    mid->mid_state != SUBMITTED;\n2. Receive response from server, and set it to mid;\n3. Set the mid state to RECEIVED;\n4. Kill the process, the mid state already RECEIVED, get 0;\n5. Handle and release the negotiate response;\n6. UAF.\n\nIt can be easily reproduced by adding some delay in [3] - [6].\n\nOnly sync call has the problem since async call's callback is\nexecuted in cifsd process.\n\nAdd an extra state to mark the mid state to READY before wakeup the\nwaiter, then it can get the resp safely.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-52572",
               url: "https://www.suse.com/security/cve/CVE-2023-52572",
            },
            {
               category: "external",
               summary: "SUSE Bug 1220946 for CVE-2023-52572",
               url: "https://bugzilla.suse.com/1220946",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 0,
                  baseSeverity: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "low",
            },
         ],
         title: "CVE-2023-52572",
      },
      {
         cve: "CVE-2024-35949",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-35949",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn't set on the leaf, and then the\nextended leaf checks don't get run which we rely on to validate all of\nthe item pointers to make sure we don't access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking.  This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. 
The example is a dir\nitem at the end of an eb.\n\n  [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n  [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n  [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n  [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n  [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n  [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n  [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n  [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n  [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n  [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n  [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n  [2.621] FS:  00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n  [2.621] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n  [2.621] Call Trace:\n  [2.621]  <TASK>\n  [2.621]  ? show_regs+0x74/0x80\n  [2.621]  ? die_addr+0x46/0xc0\n  [2.621]  ? exc_general_protection+0x161/0x2a0\n  [2.621]  ? asm_exc_general_protection+0x26/0x30\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? btrfs_get_16+0x34b/0x6d0\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? __pfx_btrfs_get_16+0x10/0x10\n  [2.621]  ? __pfx_mutex_unlock+0x10/0x10\n  [2.621]  btrfs_match_dir_item_name+0x101/0x1a0\n  [2.621]  btrfs_lookup_dir_item+0x1f3/0x280\n  [2.621]  ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n  [2.621]  btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-35949",
               url: "https://www.suse.com/security/cve/CVE-2024-35949",
            },
            {
               category: "external",
               summary: "SUSE Bug 1224700 for CVE-2024-35949",
               url: "https://bugzilla.suse.com/1224700",
            },
            {
               category: "external",
               summary: "SUSE Bug 1229273 for CVE-2024-35949",
               url: "https://bugzilla.suse.com/1229273",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "moderate",
            },
         ],
         title: "CVE-2024-35949",
      },
      {
         cve: "CVE-2024-50115",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-50115",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn't using guard pages.\n\nPer the APM:\n\n  The CR3 register points to the base address of the page-directory-pointer\n  table. The page-directory-pointer table is aligned on a 32-byte boundary,\n  with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM's much more explicit:\n\n  4:0    Ignored\n\nNote, KVM gets this right when loading PDPTRs, it's only the nSVM flow\nthat is broken.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-50115",
               url: "https://www.suse.com/security/cve/CVE-2024-50115",
            },
            {
               category: "external",
               summary: "SUSE Bug 1225742 for CVE-2024-50115",
               url: "https://bugzilla.suse.com/1225742",
            },
            {
               category: "external",
               summary: "SUSE Bug 1232919 for CVE-2024-50115",
               url: "https://bugzilla.suse.com/1232919",
            },
            {
               category: "external",
               summary: "SUSE Bug 1233019 for CVE-2024-50115",
               url: "https://bugzilla.suse.com/1233019",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2024-50115",
      },
      {
         cve: "CVE-2024-50128",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-50128",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: fix global oob in wwan_rtnl_policy\n\nThe variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to\na global out-of-bounds read when parsing the netlink attributes. Exactly\nsame bug cause as the oob fixed in commit b33fb5b801c6 (\"net: qualcomm:\nrmnet: fix global oob in rmnet_policy\").\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\nRead of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862\n\nCPU: 0 PID: 323862 Comm: syz.1.66276 Not tainted 6.1.70 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x14f/0x750 mm/kasan/report.c:395\n kasan_report+0x139/0x170 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:388 [inline]\n __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\n __nla_parse+0x3c/0x50 lib/nlattr.c:700\n nla_parse_nested_deprecated include/net/netlink.h:1269 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3514 [inline]\n rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623\n rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122\n netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508\n netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]\n netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352\n netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874\n sock_sendmsg_nosec net/socket.c:716 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499\n ___sys_sendmsg+0x21c/0x290 net/socket.c:2553\n __sys_sendmsg net/socket.c:2582 [inline]\n __do_sys_sendmsg 
net/socket.c:2591 [inline]\n __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f67b19a24ad\nRSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad\nRDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004\nRBP: 00007f67b1a1e01d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40\n </TASK>\n\nThe buggy address belongs to the variable:\n wwan_rtnl_policy+0x20/0x40\n\nThe buggy address belongs to the physical page:\npage:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c\nflags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner info is not present (never set?)\n\nMemory state around the buggy address:\n ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 00 01 f9 f9\n ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9\n>ffffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9\n                                                       ^\n ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n==================================================================\n\nAccording to the comment of `nla_parse_nested_deprecated`, use correct size\n`IFLA_WWAN_MAX` here to fix this issue.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-50128",
               url: "https://www.suse.com/security/cve/CVE-2024-50128",
            },
            {
               category: "external",
               summary: "SUSE Bug 1232905 for CVE-2024-50128",
               url: "https://bugzilla.suse.com/1232905",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "moderate",
            },
         ],
         title: "CVE-2024-50128",
      },
      {
         cve: "CVE-2024-53135",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-53135",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN\n\nHide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support\nfor virtualizing Intel PT via guest/host mode unless BROKEN=y.  There are\nmyriad bugs in the implementation, some of which are fatal to the guest,\nand others which put the stability and health of the host at risk.\n\nFor guest fatalities, the most glaring issue is that KVM fails to ensure\ntracing is disabled, and *stays* disabled prior to VM-Enter, which is\nnecessary as hardware disallows loading (the guest's) RTIT_CTL if tracing\nis enabled (enforced via a VMX consistency check).  Per the SDM:\n\n  If the logical processor is operating with Intel PT enabled (if\n  IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the \"load\n  IA32_RTIT_CTL\" VM-entry control must be 0.\n\nOn the host side, KVM doesn't validate the guest CPUID configuration\nprovided by userspace, and even worse, uses the guest configuration to\ndecide what MSRs to save/load at VM-Enter and VM-Exit.  E.g. configuring\nguest CPUID to enumerate more address ranges than are supported in hardware\nwill result in KVM trying to passthrough, save, and load non-existent MSRs,\nwhich generates a variety of WARNs, ToPA ERRORs in the host, a potential\ndeadlock, etc.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-53135",
               url: "https://www.suse.com/security/cve/CVE-2024-53135",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234154 for CVE-2024-53135",
               url: "https://bugzilla.suse.com/1234154",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "moderate",
            },
         ],
         title: "CVE-2024-53135",
      },
      {
         cve: "CVE-2024-53173",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-53173",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-53173",
               url: "https://www.suse.com/security/cve/CVE-2024-53173",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234853 for CVE-2024-53173",
               url: "https://bugzilla.suse.com/1234853",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234891 for CVE-2024-53173",
               url: "https://bugzilla.suse.com/1234891",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234892 for CVE-2024-53173",
               url: "https://bugzilla.suse.com/1234892",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2024-53173",
      },
      {
         cve: "CVE-2024-53239",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-53239",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort().  But at this moment, the card object\nmight be still in use (as we're calling snd_card_free_when_closed()).\n\nTo avoid potential UAFs, move the release of resources to the card's\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-53239",
               url: "https://www.suse.com/security/cve/CVE-2024-53239",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234853 for CVE-2024-53239",
               url: "https://bugzilla.suse.com/1234853",
            },
            {
               category: "external",
               summary: "SUSE Bug 1235054 for CVE-2024-53239",
               url: "https://bugzilla.suse.com/1235054",
            },
            {
               category: "external",
               summary: "SUSE Bug 1235055 for CVE-2024-53239",
               url: "https://bugzilla.suse.com/1235055",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2024-53239",
      },
      {
         cve: "CVE-2024-56539",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-56539",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[  356.775250] ------------[ cut here ]------------\n[  356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv->ssid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[  356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n    ssid_len = user_scan_in->ssid_list[i].ssid_len;\n    [...]\n    memcpy(wildcard_ssid_tlv->ssid,\n           user_scan_in->ssid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn't account for the size of the one-element\narray, so it doesn't need to be changed.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-56539",
               url: "https://www.suse.com/security/cve/CVE-2024-56539",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234853 for CVE-2024-56539",
               url: "https://bugzilla.suse.com/1234853",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234963 for CVE-2024-56539",
               url: "https://bugzilla.suse.com/1234963",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234964 for CVE-2024-56539",
               url: "https://bugzilla.suse.com/1234964",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2024-56539",
      },
      {
         cve: "CVE-2024-56548",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-56548",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don't query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initially set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[  419.944641] ==================================================================\n[  419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[  419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[  419.947612]\n[  419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[  419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[  419.950035] Call Trace:\n[  419.950384]  <TASK>\n[  419.950676]  dump_stack_lvl+0x57/0x78\n[  419.951212]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.951830]  print_report+0x14c/0x49e\n[  419.952361]  ? __virt_addr_valid+0x267/0x278\n[  419.952979]  ? kmem_cache_debug_flags+0xc/0x1d\n[  419.953561]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.954231]  kasan_report+0x89/0xb0\n[  419.954748]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.955367]  hfsplus_read_wrapper+0x659/0xa0a\n[  419.955948]  ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[  419.956618]  ? do_raw_spin_unlock+0x59/0x1a9\n[  419.957214]  ? _raw_spin_unlock+0x1a/0x2e\n[  419.957772]  hfsplus_fill_super+0x348/0x1590\n[  419.958355]  ? hlock_class+0x4c/0x109\n[  419.958867]  ? __pfx_hfsplus_fill_super+0x10/0x10\n[  419.959499]  ? __pfx_string+0x10/0x10\n[  419.960006]  ? lock_acquire+0x3e2/0x454\n[  419.960532]  ? bdev_name.constprop.0+0xce/0x243\n[  419.961129]  ? __pfx_bdev_name.constprop.0+0x10/0x10\n[  419.961799]  ? pointer+0x3f0/0x62f\n[  419.962277]  ? __pfx_pointer+0x10/0x10\n[  419.962761]  ? vsnprintf+0x6c4/0xfba\n[  419.963178]  ? __pfx_vsnprintf+0x10/0x10\n[  419.963621]  ? setup_bdev_super+0x376/0x3b3\n[  419.964029]  ? snprintf+0x9d/0xd2\n[  419.964344]  ? __pfx_snprintf+0x10/0x10\n[  419.964675]  ? lock_acquired+0x45c/0x5e9\n[  419.965016]  ? set_blocksize+0x139/0x1c1\n[  419.965381]  ? sb_set_blocksize+0x6d/0xae\n[  419.965742]  ? __pfx_hfsplus_fill_super+0x10/0x10\n[  419.966179]  mount_bdev+0x12f/0x1bf\n[  419.966512]  ? __pfx_mount_bdev+0x10/0x10\n[  419.966886]  ? vfs_parse_fs_string+0xce/0x111\n[  419.967293]  ? __pfx_vfs_parse_fs_string+0x10/0x10\n[  419.967702]  ? __pfx_hfsplus_mount+0x10/0x10\n[  419.968073]  legacy_get_tree+0x104/0x178\n[  419.968414]  vfs_get_tree+0x86/0x296\n[  419.968751]  path_mount+0xba3/0xd0b\n[  419.969157]  ? __pfx_path_mount+0x10/0x10\n[  419.969594]  ? kmem_cache_free+0x1e2/0x260\n[  419.970311]  do_mount+0x99/0xe0\n[  419.970630]  ? __pfx_do_mount+0x10/0x10\n[  419.971008]  __do_sys_mount+0x199/0x1c9\n[  419.971397]  do_syscall_64+0xd0/0x135\n[  419.971761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  419.972233] RIP: 0033:0x7c3cb812972e\n[  419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[  419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[  419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[  419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-56548",
               url: "https://www.suse.com/security/cve/CVE-2024-56548",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234853 for CVE-2024-56548",
               url: "https://bugzilla.suse.com/1234853",
            },
            {
               category: "external",
               summary: "SUSE Bug 1235073 for CVE-2024-56548",
               url: "https://bugzilla.suse.com/1235073",
            },
            {
               category: "external",
               summary: "SUSE Bug 1235074 for CVE-2024-56548",
               url: "https://bugzilla.suse.com/1235074",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.7,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2024-56548",
      },
      {
         cve: "CVE-2024-56605",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-56605",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-56605",
               url: "https://www.suse.com/security/cve/CVE-2024-56605",
            },
            {
               category: "external",
               summary: "SUSE Bug 1234853 for CVE-2024-56605",
               url: "https://bugzilla.suse.com/1234853",
            },
            {
               category: "external",
               summary: "SUSE Bug 1235061 for CVE-2024-56605",
               url: "https://bugzilla.suse.com/1235061",
            },
            {
               category: "external",
               summary: "SUSE Bug 1235062 for CVE-2024-56605",
               url: "https://bugzilla.suse.com/1235062",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2024-56605",
      },
      {
         cve: "CVE-2024-57948",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-57948",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(&sdata->list)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local->interfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 <0f> 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS:  0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-57948",
               url: "https://www.suse.com/security/cve/CVE-2024-57948",
            },
            {
               category: "external",
               summary: "SUSE Bug 1236677 for CVE-2024-57948",
               url: "https://bugzilla.suse.com/1236677",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.7,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2024-57948",
      },
      {
         cve: "CVE-2025-21690",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2025-21690",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there's a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn't DoS the VM.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2025-21690",
               url: "https://www.suse.com/security/cve/CVE-2025-21690",
            },
            {
               category: "external",
               summary: "SUSE Bug 1237025 for CVE-2025-21690",
               url: "https://bugzilla.suse.com/1237025",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "moderate",
            },
         ],
         title: "CVE-2025-21690",
      },
      {
         cve: "CVE-2025-21692",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2025-21692",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [   18.852298] ------------[ cut here ]------------\n [   18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [   18.853743] index 18446744073709551615 is out of range for type 'ets_class [16]'\n [   18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [   18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [   18.856532] Call Trace:\n [   18.857441]  <TASK>\n [   18.858227]  dump_stack_lvl+0xc2/0xf0\n [   18.859607]  dump_stack+0x10/0x20\n [   18.860908]  __ubsan_handle_out_of_bounds+0xa7/0xf0\n [   18.864022]  ets_class_change+0x3d6/0x3f0\n [   18.864322]  tc_ctl_tclass+0x251/0x910\n [   18.864587]  ? lock_acquire+0x5e/0x140\n [   18.865113]  ? __mutex_lock+0x9c/0xe70\n [   18.866009]  ? __mutex_lock+0xa34/0xe70\n [   18.866401]  rtnetlink_rcv_msg+0x170/0x6f0\n [   18.866806]  ? __lock_acquire+0x578/0xc10\n [   18.867184]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [   18.867503]  netlink_rcv_skb+0x59/0x110\n [   18.867776]  rtnetlink_rcv+0x15/0x30\n [   18.868159]  netlink_unicast+0x1c3/0x2b0\n [   18.868440]  netlink_sendmsg+0x239/0x4b0\n [   18.868721]  ____sys_sendmsg+0x3e2/0x410\n [   18.869012]  ___sys_sendmsg+0x88/0xe0\n [   18.869276]  ? rseq_ip_fixup+0x198/0x260\n [   18.869563]  ? rseq_update_cpu_node_id+0x10a/0x190\n [   18.869900]  ? trace_hardirqs_off+0x5a/0xd0\n [   18.870196]  ? syscall_exit_to_user_mode+0xcc/0x220\n [   18.870547]  ? do_syscall_64+0x93/0x150\n [   18.870821]  ? __memcg_slab_free_hook+0x69/0x290\n [   18.871157]  __sys_sendmsg+0x69/0xd0\n [   18.871416]  __x64_sys_sendmsg+0x1d/0x30\n [   18.871699]  x64_sys_call+0x9e2/0x2670\n [   18.871979]  do_syscall_64+0x87/0x150\n [   18.873280]  ? do_syscall_64+0x93/0x150\n [   18.874742]  ? lock_release+0x7b/0x160\n [   18.876157]  ? do_user_addr_fault+0x5ce/0x8f0\n [   18.877833]  ? irqentry_exit_to_user_mode+0xc2/0x210\n [   18.879608]  ? irqentry_exit+0x77/0xb0\n [   18.879808]  ? clear_bhb_loop+0x15/0x70\n [   18.880023]  ? clear_bhb_loop+0x15/0x70\n [   18.880223]  ? clear_bhb_loop+0x15/0x70\n [   18.880426]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [   18.880683] RIP: 0033:0x44a957\n [   18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [   18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [   18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [   18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [   18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [   18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [   18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [   18.888395]  </TASK>\n [   18.888610] ---[ end trace ]---",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2025-21692",
               url: "https://www.suse.com/security/cve/CVE-2025-21692",
            },
            {
               category: "external",
               summary: "SUSE Bug 1237028 for CVE-2025-21692",
               url: "https://bugzilla.suse.com/1237028",
            },
            {
               category: "external",
               summary: "SUSE Bug 1237048 for CVE-2025-21692",
               url: "https://bugzilla.suse.com/1237048",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "important",
            },
         ],
         title: "CVE-2025-21692",
      },
      {
         cve: "CVE-2025-21699",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2025-21699",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode's address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2025-21699",
               url: "https://www.suse.com/security/cve/CVE-2025-21699",
            },
            {
               category: "external",
               summary: "SUSE Bug 1237139 for CVE-2025-21699",
               url: "https://bugzilla.suse.com/1237139",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
                  "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.112.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.112.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-19T12:13:45Z",
               details: "moderate",
            },
         ],
         title: "CVE-2025-21699",
      },
   ],
}


Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.