suse-su-2025:0229-1
Vulnerability from csaf_suse
Published
2025-01-24 10:10
Modified
2025-01-24 10:10
Summary
Security update for the Linux Kernel

Notes

Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).
- CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453).
- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).
- CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127).
- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).
- CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).
- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558).
- CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564).
- CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).
- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769).
- CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).
- CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072).
- CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).
- CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).
- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).
- CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811).
- CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856).
- CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971).
- CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037).
- CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).

The following non-security bugs were fixed:

- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295).
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes).
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes).
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes).
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes).
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes).
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes).
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes).
- autofs: use flexible array in ioctl structure (git-fixes).
- devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422).
- devlink: do not require setting features before registration (bsc#1231388 bsc#1230422).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357).
- dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357).
- Documentation: Add x86/amd_hsmp driver (jsc#PED-1295).
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- hfsplus: do not query the device logical block size multiple times (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727).
- jffs2: Fix rtime decompressor (git-fixes).
- jffs2: fix use of uninitialized variable (git-fixes).
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes).
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth
- kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639).
- KVM: x86: fix sending PV IPI (git-fixes).
- memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763).
- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- net/ipv6: release expired exception dst cached in socket (bsc#1216813).
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes).
- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).
- nfsd: make sure exp active before svc_export_show (git-fixes).
- NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472).
- NFSD: Prevent a potential integer overflow (git-fixes).
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes).
- NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472).
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes).
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes).
- nilfs2: prevent use of deleted inode (git-fixes).
- ocfs2: uncache inode which has failed entering the group (bsc#1234087).
- PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763).
- platform/x86: Add AMD system management interface (jsc#PED-1295).
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes).
- pwm: tegra: Improve required rate calculation (jsc#PED-1763).
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- serial: tegra: Read DMA status before terminating (jsc#PED-1763).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) (bsc#1233642).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- SUNRPC: make sure cache entry active before cache_show (git-fixes).
- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes).
- svcrdma: Address an integer overflow (git-fixes).
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes).
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes).
- ubifs: Correct the total block count by deducting journal reservation (git-fixes).
- udf: Handle error when adding extent to a file (bsc#1234437).
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- zonefs: fix zone report size in __zonefs_io_error() (git-fixes).
Patchnames
SUSE-2025-229,SUSE-SLE-Micro-5.5-2025-229
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).\n- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).\n- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).\n- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).\n- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).\n- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).\n- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).\n- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).\n- CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).\n- CVE-2024-47666: scsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it (bsc#1231453).\n- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).\n- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).\n- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).\n- CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).\n- CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).\n- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).\n- CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127).\n- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).\n- CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).\n- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in 
nf_send_reset6() (bsc#1233200).\n- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).\n- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).\n- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).\n- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).\n- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).\n- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558).\n- CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564).\n- CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).\n- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769).\n- CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).\n- CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072).\n- CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).\n- CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).\n- CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).\n- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).\n- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).\n- CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).\n- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).\n- CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).\n- CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811).\n- CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow 
(bsc#1234856).\n- CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843).\n- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).\n- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).\n- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971).\n- CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973).\n- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).\n- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).\n- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).\n- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (bsc#1234282).\n- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).\n- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).\n- CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object-\u003efile (bsc#1234912).\n- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).\n- CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037).\n- CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039).\n- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).\n- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).\n- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).\n- CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).\n\nThe following non-security bugs 
were fixed:\n\n- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)\n- amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295).\n- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes).\n- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes).\n- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes).\n- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes).\n- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes).\n- arm64: dts: rockchip: Remove hdmi\u0027s 2nd interrupt on rk3328 (git-fixes).\n- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)\n- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes).\n- autofs: use flexible array in ioctl structure (git-fixes).\n- devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422).\n- devlink: do not require setting features before registration (bsc#1231388 bsc#1230422).\n- dma-fence: Fix reference leak on fence merge failure path (git-fixes).\n- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357).\n- dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357).\n- Documentation: Add x86/amd_hsmp driver (jsc#PED-1295).\n- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).\n- drm/sti: Add __iomem for mixer_dbg_mxn\u0027s parameter (git-fixes).\n- drm/v3d: Enable Performance Counters before clearing them (git-fixes).\n- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).\n- hfsplus: do not query the device logical block size multiple times (git-fixes).\n- idpf: add support for SW triggered interrupts (bsc#1235507).\n- idpf: enable WB_ON_ITR (bsc#1235507).\n- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).\n- ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727).\n- jffs2: Fix 
rtime decompressor (git-fixes).\n- jffs2: fix use of uninitialized variable (git-fixes).\n- jffs2: Prevent rtime decompress memory corruption (git-fixes).\n- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes).\n- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).\n- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).\n- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).\n- jfs: xattr: check invalid xattr size more strictly (git-fixes).\n- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth\n- kobject: Add sanity check for kset-\u003ekobj.ktype in kset_register() (bsc#1234639).\n- KVM: x86: fix sending PV IPI (git-fixes).\n- memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763).\n- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120).\n- mmc: core: Further prevent card detect during shutdown (git-fixes).\n- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).\n- net/ipv6: release expired exception dst cached in socket (bsc#1216813).\n- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes).\n- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).\n- nfsd: make sure exp active before svc_export_show (git-fixes).\n- NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472).\n- NFSD: Prevent a potential integer overflow (git-fixes).\n- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes).\n- NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472).\n- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472).\n- nfsd: restore callback functionality for NFSv4.0 (git-fixes).\n- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes).\n- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes).\n- nilfs2: prevent use of deleted inode (git-fixes).\n- ocfs2: uncache inode which has 
failed entering the group (bsc#1234087).\n- PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes).\n- phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763).\n- platform/x86: Add AMD system management interface (jsc#PED-1295).\n- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes).\n- pwm: tegra: Improve required rate calculation (jsc#PED-1763).\n- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)\n- regmap: detach regmap from dev on regmap_exit (git-fixes).\n- scatterlist: fix incorrect func name in kernel-doc (git-fixes).\n- scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo\n- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).\n- serial: tegra: Read DMA status before terminating (jsc#PED-1763).\n- smb: client: fix TCP timers deadlock after rmmod (git-fixes) (bsc#1233642).\n- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).\n- SUNRPC: make sure cache entry active before cache_show (git-fixes).\n- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes).\n- svcrdma: Address an integer overflow (git-fixes).\n- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes).\n- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)\n- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes).\n- ubifs: Correct the total block count by deducting journal reservation (git-fixes).\n- udf: Handle error when adding extent to a file (bsc#1234437).\n- udf: refactor udf_current_aext() to handle error (bsc#1234240).\n- udf: refactor udf_next_aext() to handle error (bsc#1234241).\n- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).\n- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).\n- x86: Annotate call_on_stack() (git-fixes).\n- x86/bug: Merge annotate_reachable() into 
_BUG_FLAGS() asm (git-fixes).\n- x86/fpu: Remove unused supervisor only offsets (git-fixes).\n- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).\n- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).\n- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).\n- x86/mce: Allow instrumentation during task work queueing (git-fixes).\n- x86/mce: Mark mce_end() noinstr (git-fixes).\n- x86/mce: Mark mce_panic() noinstr (git-fixes).\n- x86/mce: Mark mce_read_aux() noinstr (git-fixes).\n- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).\n- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).\n- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).\n- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).\n- x86/uaccess: Move variable into switch case statement (git-fixes).\n- xfs: can\u0027t use kmem_zalloc() for attribute buffers (bsc#1216909).\n- zonefs: fix zone report size in __zonefs_io_error() (git-fixes).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-229,SUSE-SLE-Micro-5.5-2025-229",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0229-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0229-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0229-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020194.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1135481",
        "url": "https://bugzilla.suse.com/1135481"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170891",
        "url": "https://bugzilla.suse.com/1170891"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171420",
        "url": "https://bugzilla.suse.com/1171420"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173139",
        "url": "https://bugzilla.suse.com/1173139"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175543",
        "url": "https://bugzilla.suse.com/1175543"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181006",
        "url": "https://bugzilla.suse.com/1181006"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185010",
        "url": "https://bugzilla.suse.com/1185010"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1187211",
        "url": "https://bugzilla.suse.com/1187211"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1187619",
        "url": "https://bugzilla.suse.com/1187619"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188412",
        "url": "https://bugzilla.suse.com/1188412"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188616",
        "url": "https://bugzilla.suse.com/1188616"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188700",
        "url": "https://bugzilla.suse.com/1188700"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188983",
        "url": "https://bugzilla.suse.com/1188983"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188985",
        "url": "https://bugzilla.suse.com/1188985"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189760",
        "url": "https://bugzilla.suse.com/1189760"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189762",
        "url": "https://bugzilla.suse.com/1189762"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189870",
        "url": "https://bugzilla.suse.com/1189870"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189872",
        "url": "https://bugzilla.suse.com/1189872"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190117",
        "url": "https://bugzilla.suse.com/1190117"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190131",
        "url": "https://bugzilla.suse.com/1190131"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190181",
        "url": "https://bugzilla.suse.com/1190181"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190358",
        "url": "https://bugzilla.suse.com/1190358"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190412",
        "url": "https://bugzilla.suse.com/1190412"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190428",
        "url": "https://bugzilla.suse.com/1190428"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203332",
        "url": "https://bugzilla.suse.com/1203332"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205521",
        "url": "https://bugzilla.suse.com/1205521"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1209288",
        "url": "https://bugzilla.suse.com/1209288"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1209798",
        "url": "https://bugzilla.suse.com/1209798"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1211593",
        "url": "https://bugzilla.suse.com/1211593"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1211595",
        "url": "https://bugzilla.suse.com/1211595"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1215304",
        "url": "https://bugzilla.suse.com/1215304"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1216813",
        "url": "https://bugzilla.suse.com/1216813"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1216909",
        "url": "https://bugzilla.suse.com/1216909"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1219608",
        "url": "https://bugzilla.suse.com/1219608"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1222878",
        "url": "https://bugzilla.suse.com/1222878"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1223044",
        "url": "https://bugzilla.suse.com/1223044"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1225758",
        "url": "https://bugzilla.suse.com/1225758"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1225820",
        "url": "https://bugzilla.suse.com/1225820"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226694",
        "url": "https://bugzilla.suse.com/1226694"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228190",
        "url": "https://bugzilla.suse.com/1228190"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1229809",
        "url": "https://bugzilla.suse.com/1229809"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230422",
        "url": "https://bugzilla.suse.com/1230422"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230697",
        "url": "https://bugzilla.suse.com/1230697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231388",
        "url": "https://bugzilla.suse.com/1231388"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231453",
        "url": "https://bugzilla.suse.com/1231453"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231854",
        "url": "https://bugzilla.suse.com/1231854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232045",
        "url": "https://bugzilla.suse.com/1232045"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232157",
        "url": "https://bugzilla.suse.com/1232157"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232166",
        "url": "https://bugzilla.suse.com/1232166"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232419",
        "url": "https://bugzilla.suse.com/1232419"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232436",
        "url": "https://bugzilla.suse.com/1232436"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232472",
        "url": "https://bugzilla.suse.com/1232472"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232823",
        "url": "https://bugzilla.suse.com/1232823"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233038",
        "url": "https://bugzilla.suse.com/1233038"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233050",
        "url": "https://bugzilla.suse.com/1233050"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233070",
        "url": "https://bugzilla.suse.com/1233070"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233096",
        "url": "https://bugzilla.suse.com/1233096"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233127",
        "url": "https://bugzilla.suse.com/1233127"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233200",
        "url": "https://bugzilla.suse.com/1233200"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233239",
        "url": "https://bugzilla.suse.com/1233239"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233324",
        "url": "https://bugzilla.suse.com/1233324"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233467",
        "url": "https://bugzilla.suse.com/1233467"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233468",
        "url": "https://bugzilla.suse.com/1233468"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233469",
        "url": "https://bugzilla.suse.com/1233469"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233485",
        "url": "https://bugzilla.suse.com/1233485"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233547",
        "url": "https://bugzilla.suse.com/1233547"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233550",
        "url": "https://bugzilla.suse.com/1233550"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233558",
        "url": "https://bugzilla.suse.com/1233558"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233564",
        "url": "https://bugzilla.suse.com/1233564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233568",
        "url": "https://bugzilla.suse.com/1233568"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233637",
        "url": "https://bugzilla.suse.com/1233637"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233701",
        "url": "https://bugzilla.suse.com/1233701"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233769",
        "url": "https://bugzilla.suse.com/1233769"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233837",
        "url": "https://bugzilla.suse.com/1233837"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234072",
        "url": "https://bugzilla.suse.com/1234072"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234073",
        "url": "https://bugzilla.suse.com/1234073"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234075",
        "url": "https://bugzilla.suse.com/1234075"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234076",
        "url": "https://bugzilla.suse.com/1234076"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234077",
        "url": "https://bugzilla.suse.com/1234077"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234087",
        "url": "https://bugzilla.suse.com/1234087"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234120",
        "url": "https://bugzilla.suse.com/1234120"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234156",
        "url": "https://bugzilla.suse.com/1234156"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234219",
        "url": "https://bugzilla.suse.com/1234219"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234220",
        "url": "https://bugzilla.suse.com/1234220"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234240",
        "url": "https://bugzilla.suse.com/1234240"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234241",
        "url": "https://bugzilla.suse.com/1234241"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234281",
        "url": "https://bugzilla.suse.com/1234281"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234282",
        "url": "https://bugzilla.suse.com/1234282"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234294",
        "url": "https://bugzilla.suse.com/1234294"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234338",
        "url": "https://bugzilla.suse.com/1234338"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234357",
        "url": "https://bugzilla.suse.com/1234357"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234437",
        "url": "https://bugzilla.suse.com/1234437"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234464",
        "url": "https://bugzilla.suse.com/1234464"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234605",
        "url": "https://bugzilla.suse.com/1234605"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234639",
        "url": "https://bugzilla.suse.com/1234639"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234650",
        "url": "https://bugzilla.suse.com/1234650"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234727",
        "url": "https://bugzilla.suse.com/1234727"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234811",
        "url": "https://bugzilla.suse.com/1234811"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234827",
        "url": "https://bugzilla.suse.com/1234827"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234834",
        "url": "https://bugzilla.suse.com/1234834"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234843",
        "url": "https://bugzilla.suse.com/1234843"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234846",
        "url": "https://bugzilla.suse.com/1234846"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234853",
        "url": "https://bugzilla.suse.com/1234853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234856",
        "url": "https://bugzilla.suse.com/1234856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234891",
        "url": "https://bugzilla.suse.com/1234891"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234912",
        "url": "https://bugzilla.suse.com/1234912"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234920",
        "url": "https://bugzilla.suse.com/1234920"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234921",
        "url": "https://bugzilla.suse.com/1234921"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234960",
        "url": "https://bugzilla.suse.com/1234960"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234963",
        "url": "https://bugzilla.suse.com/1234963"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234971",
        "url": "https://bugzilla.suse.com/1234971"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234973",
        "url": "https://bugzilla.suse.com/1234973"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235004",
        "url": "https://bugzilla.suse.com/1235004"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235035",
        "url": "https://bugzilla.suse.com/1235035"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235037",
        "url": "https://bugzilla.suse.com/1235037"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235039",
        "url": "https://bugzilla.suse.com/1235039"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235054",
        "url": "https://bugzilla.suse.com/1235054"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235056",
        "url": "https://bugzilla.suse.com/1235056"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235061",
        "url": "https://bugzilla.suse.com/1235061"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235073",
        "url": "https://bugzilla.suse.com/1235073"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235220",
        "url": "https://bugzilla.suse.com/1235220"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235224",
        "url": "https://bugzilla.suse.com/1235224"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235246",
        "url": "https://bugzilla.suse.com/1235246"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235507",
        "url": "https://bugzilla.suse.com/1235507"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12770 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12770/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-34556 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-34556/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-35477 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-35477/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-38160 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-38160/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-47202 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-47202/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-36280 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-36280/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-48742 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-48742/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-49033 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-49033/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-49035 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-49035/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1382 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1382/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-33951 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-33951/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-33952 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-33952/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-52920 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-52920/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-24860 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-24860/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-26886 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-26886/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-26924 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-26924/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-36915 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-36915/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-42232 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-42232/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-44934 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-44934/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-47666 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-47666/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-47678 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-47678/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-49944 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-49944/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-49952 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-49952/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50018 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50018/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50143 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50143/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50154 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50154/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50166 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50166/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50181 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50181/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50202 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50202/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50211 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50211/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50256 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50256/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50262 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50262/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50278 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50278/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50279 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50279/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50280 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50280/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50296 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50296/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53051 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53051/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53055 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53055/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53056 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53056/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53064 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53064/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53072 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53072/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53090 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53090/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53101 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53101/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53113 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53113/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53114 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53114/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53119 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53119/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53120 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53120/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53122 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53122/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53125 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53125/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53130 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53131 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53131/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53142 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53142/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53146 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53150 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53150/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53156 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53156/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53157 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53157/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53158 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53158/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53161 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53161/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53162 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53162/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53173 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53173/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53179 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53179/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53206 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53206/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53210 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53210/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53213 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53213/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53214 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53214/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53239 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53239/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53240 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53240/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53241 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53241/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56539 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56539/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56548 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56548/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56549 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56549/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56570 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56570/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56571 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56571/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56575 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56598 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56598/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56604 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56604/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56605 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56605/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56619 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56619/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56755 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56755/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-8805 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-8805/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2025-01-24T10:10:25Z",
      "generator": {
        "date": "2025-01-24T10:10:25Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0229-1",
      "initial_release_date": "2025-01-24T10:10:25Z",
      "revision_history": [
        {
          "date": "2025-01-24T10:10:25Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-5.14.21-150500.13.82.1.noarch",
                "product": {
                  "name": "kernel-devel-rt-5.14.21-150500.13.82.1.noarch",
                  "product_id": "kernel-devel-rt-5.14.21-150500.13.82.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-5.14.21-150500.13.82.1.noarch",
                "product": {
                  "name": "kernel-source-rt-5.14.21-150500.13.82.1.noarch",
                  "product_id": "kernel-source-rt-5.14.21-150500.13.82.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "cluster-md-kmp-rt-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "dlm-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "dlm-kmp-rt-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "gfs2-kmp-rt-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt-devel-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-extra-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt-extra-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt-extra-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt-livepatch-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-devel-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-devel-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt-livepatch-devel-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-optional-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt-optional-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt-optional-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vdso-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt-vdso-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt-vdso-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt_debug-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-devel-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-devel-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt_debug-devel-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-vdso-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-vdso-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-rt_debug-vdso-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kernel-syms-rt-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "kselftests-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "kselftests-kmp-rt-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "ocfs2-kmp-rt-5.14.21-150500.13.82.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "reiserfs-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                "product": {
                  "name": "reiserfs-kmp-rt-5.14.21-150500.13.82.1.x86_64",
                  "product_id": "reiserfs-kmp-rt-5.14.21-150500.13.82.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.5",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.5",
                  "product_id": "SUSE Linux Enterprise Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-5.14.21-150500.13.82.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64"
        },
        "product_reference": "kernel-rt-5.14.21-150500.13.82.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-5.14.21-150500.13.82.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        },
        "product_reference": "kernel-source-rt-5.14.21-150500.13.82.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12770",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12770"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12770",
          "url": "https://www.suse.com/security/cve/CVE-2020-12770"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171420 for CVE-2020-12770",
          "url": "https://bugzilla.suse.com/1171420"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-12770"
    },
    {
      "cve": "CVE-2021-34556",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-34556"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-34556",
          "url": "https://www.suse.com/security/cve/CVE-2021-34556"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188983 for CVE-2021-34556",
          "url": "https://bugzilla.suse.com/1188983"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-34556"
    },
    {
      "cve": "CVE-2021-35477",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-35477"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-35477",
          "url": "https://www.suse.com/security/cve/CVE-2021-35477"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188985 for CVE-2021-35477",
          "url": "https://bugzilla.suse.com/1188985"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-35477"
    },
    {
      "cve": "CVE-2021-38160",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-38160"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-38160",
          "url": "https://www.suse.com/security/cve/CVE-2021-38160"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190117 for CVE-2021-38160",
          "url": "https://bugzilla.suse.com/1190117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190118 for CVE-2021-38160",
          "url": "https://bugzilla.suse.com/1190118"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196914 for CVE-2021-38160",
          "url": "https://bugzilla.suse.com/1196914"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-38160"
    },
    {
      "cve": "CVE-2021-47202",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-47202"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: Fix NULL pointer dereferences in of_thermal_ functions\n\nof_parse_thermal_zones() parses the thermal-zones node and registers a\nthermal_zone device for each subnode. However, if a thermal zone is\nconsuming a thermal sensor and that thermal sensor device hasn\u0027t probed\nyet, an attempt to set trip_point_*_temp for that thermal zone device\ncan cause a NULL pointer dereference. Fix it.\n\n console:/sys/class/thermal/thermal_zone87 # echo 120000 \u003e trip_point_0_temp\n ...\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n ...\n Call trace:\n  of_thermal_set_trip_temp+0x40/0xc4\n  trip_point_temp_store+0xc0/0x1dc\n  dev_attr_store+0x38/0x88\n  sysfs_kf_write+0x64/0xc0\n  kernfs_fop_write_iter+0x108/0x1d0\n  vfs_write+0x2f4/0x368\n  ksys_write+0x7c/0xec\n  __arm64_sys_write+0x20/0x30\n  el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc\n  do_el0_svc+0x28/0xa0\n  el0_svc+0x14/0x24\n  el0_sync_handler+0x88/0xec\n  el0_sync+0x1c0/0x200\n\nWhile at it, fix the possible NULL pointer dereference in other\nfunctions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(),\nof_thermal_get_trend().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-47202",
          "url": "https://www.suse.com/security/cve/CVE-2021-47202"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222878 for CVE-2021-47202",
          "url": "https://bugzilla.suse.com/1222878"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-47202"
    },
    {
      "cve": "CVE-2022-36280",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-36280"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-36280",
          "url": "https://www.suse.com/security/cve/CVE-2022-36280"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203332 for CVE-2022-36280",
          "url": "https://bugzilla.suse.com/1203332"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-36280"
    },
    {
      "cve": "CVE-2022-48742",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-48742"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()\n\nWhile looking at one unrelated syzbot bug, I found the replay logic\nin __rtnl_newlink() to potentially trigger use-after-free.\n\nIt is better to clear master_dev and m_ops inside the loop,\nin case we have to replay it.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-48742",
          "url": "https://www.suse.com/security/cve/CVE-2022-48742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1226694 for CVE-2022-48742",
          "url": "https://bugzilla.suse.com/1226694"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-48742"
    },
    {
      "cve": "CVE-2022-49033",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-49033"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()\n\nSyzkaller reported BUG as follows:\n\n  BUG: sleeping function called from invalid context at\n       include/linux/sched/mm.h:274\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0xcd/0x134\n   __might_resched.cold+0x222/0x26b\n   kmem_cache_alloc+0x2e7/0x3c0\n   update_qgroup_limit_item+0xe1/0x390\n   btrfs_qgroup_inherit+0x147b/0x1ee0\n   create_subvol+0x4eb/0x1710\n   btrfs_mksubvol+0xfe5/0x13f0\n   __btrfs_ioctl_snap_create+0x2b0/0x430\n   btrfs_ioctl_snap_create_v2+0x25a/0x520\n   btrfs_ioctl+0x2a1c/0x5ce0\n   __x64_sys_ioctl+0x193/0x200\n   do_syscall_64+0x35/0x80\n\nFix this by calling qgroup_dirty() on @dstqgroup, and update limit item in\nbtrfs_run_qgroups() later outside of the spinlock context.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-49033",
          "url": "https://www.suse.com/security/cve/CVE-2022-49033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232045 for CVE-2022-49033",
          "url": "https://bugzilla.suse.com/1232045"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-49033"
    },
    {
      "cve": "CVE-2022-49035",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-49035"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE\n\nI expect that the hardware will have limited this to 16, but just in\ncase it hasn\u0027t, check for this corner case.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-49035",
          "url": "https://www.suse.com/security/cve/CVE-2022-49035"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215304 for CVE-2022-49035",
          "url": "https://bugzilla.suse.com/1215304"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235013 for CVE-2022-49035",
          "url": "https://bugzilla.suse.com/1235013"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-49035"
    },
    {
      "cve": "CVE-2023-1382",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1382"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A data race flaw was found in the Linux kernel, between where con is allocated and con-\u003esock is set. This issue leads to a NULL pointer dereference when accessing con-\u003esock-\u003esk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1382",
          "url": "https://www.suse.com/security/cve/CVE-2023-1382"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209288 for CVE-2023-1382",
          "url": "https://bugzilla.suse.com/1209288"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-1382"
    },
    {
      "cve": "CVE-2023-33951",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-33951"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-33951",
          "url": "https://www.suse.com/security/cve/CVE-2023-33951"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211593 for CVE-2023-33951",
          "url": "https://bugzilla.suse.com/1211593"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216527 for CVE-2023-33951",
          "url": "https://bugzilla.suse.com/1216527"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-33951"
    },
    {
      "cve": "CVE-2023-33952",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-33952"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-33952",
          "url": "https://www.suse.com/security/cve/CVE-2023-33952"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211595 for CVE-2023-33952",
          "url": "https://bugzilla.suse.com/1211595"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212348 for CVE-2023-33952",
          "url": "https://bugzilla.suse.com/1212348"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216527 for CVE-2023-33952",
          "url": "https://bugzilla.suse.com/1216527"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-33952"
    },
    {
      "cve": "CVE-2023-52920",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-52920"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: support non-r10 register spill/fill to/from stack in precision tracking\n\nUse instruction (jump) history to record instructions that performed\nregister spill/fill to/from stack, regardless if this was done through\nread-only r10 register, or any other register after copying r10 into it\n*and* potentially adjusting offset.\n\nTo make this work reliably, we push extra per-instruction flags into\ninstruction history, encoding stack slot index (spi) and stack frame\nnumber in extra 10 bit flags we take away from prev_idx in instruction\nhistory. We don\u0027t touch idx field for maximum performance, as it\u0027s\nchecked most frequently during backtracking.\n\nThis change removes basically the last remaining practical limitation of\nprecision backtracking logic in BPF verifier. It fixes known\ndeficiencies, but also opens up new opportunities to reduce number of\nverified states, explored in the subsequent patches.\n\nThere are only three differences in selftests\u0027 BPF object files\naccording to veristat, all in the positive direction (less states).\n\nFile                                    Program        Insns (A)  Insns (B)  Insns  (DIFF)  States (A)  States (B)  States (DIFF)\n--------------------------------------  -------------  ---------  ---------  -------------  ----------  ----------  -------------\ntest_cls_redirect_dynptr.bpf.linked3.o  cls_redirect        2987       2864  -123 (-4.12%)         240         231    -9 (-3.75%)\nxdp_synproxy_kern.bpf.linked3.o         syncookie_tc       82848      82661  -187 (-0.23%)        5107        5073   -34 (-0.67%)\nxdp_synproxy_kern.bpf.linked3.o         syncookie_xdp      85116      84964  -152 (-0.18%)        5162        5130   -32 (-0.62%)\n\nNote, I avoided renaming jmp_history to more generic insn_hist to\nminimize number of lines changed and potential merge conflicts between\nbpf and bpf-next trees.\n\nNotice also cur_hist_entry pointer reset to NULL at the beginning of\ninstruction verification loop. This pointer avoids the problem of\nrelying on last jump history entry\u0027s insn_idx to determine whether we\nalready have entry for current instruction or not. It can happen that we\nadded jump history entry because current instruction is_jmp_point(), but\nalso we need to add instruction flags for stack access. In this case, we\ndon\u0027t want to entries, so we need to reuse last added entry, if it is\npresent.\n\nRelying on insn_idx comparison has the same ambiguity problem as the one\nthat was fixed recently in [0], so we avoid that.\n\n  [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-52920",
          "url": "https://www.suse.com/security/cve/CVE-2023-52920"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232823 for CVE-2023-52920",
          "url": "https://bugzilla.suse.com/1232823"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-52920"
    },
    {
      "cve": "CVE-2024-24860",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-24860"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A race condition was found in the Linux kernel\u0027s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-24860",
          "url": "https://www.suse.com/security/cve/CVE-2024-24860"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219608 for CVE-2024-24860",
          "url": "https://bugzilla.suse.com/1219608"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-24860"
    },
    {
      "cve": "CVE-2024-26886",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-26886"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: af_bluetooth: Fix deadlock\n\nAttempting to do sock_lock on .recvmsg may cause a deadlock as shown\nbelow, so instead of using sock_sock this uses sk_receive_queue.lock\non bt_sock_ioctl to avoid the UAF:\n\nINFO: task kworker/u9:1:121 blocked for more than 30 seconds.\n      Not tainted 6.7.6-lemon #183\nWorkqueue: hci0 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x37d/0xa00\n schedule+0x32/0xe0\n __lock_sock+0x68/0xa0\n ? __pfx_autoremove_wake_function+0x10/0x10\n lock_sock_nested+0x43/0x50\n l2cap_sock_recv_cb+0x21/0xa0\n l2cap_recv_frame+0x55b/0x30a0\n ? psi_task_switch+0xeb/0x270\n ? finish_task_switch.isra.0+0x93/0x2a0\n hci_rx_work+0x33a/0x3f0\n process_one_work+0x13a/0x2f0\n worker_thread+0x2f0/0x410\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe0/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-26886",
          "url": "https://www.suse.com/security/cve/CVE-2024-26886"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1223044 for CVE-2024-26886",
          "url": "https://bugzilla.suse.com/1223044"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-26886"
    },
    {
      "cve": "CVE-2024-26924",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-26924"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: do not free live element\n\nPablo reports a crash with large batches of elements with a\nback-to-back add/remove pattern.  Quoting Pablo:\n\n  add_elem(\"00000000\") timeout 100 ms\n  ...\n  add_elem(\"0000000X\") timeout 100 ms\n  del_elem(\"0000000X\") \u003c---------------- delete one that was just added\n  ...\n  add_elem(\"00005000\") timeout 100 ms\n\n  1) nft_pipapo_remove() removes element 0000000X\n  Then, KASAN shows a splat.\n\nLooking at the remove function there is a chance that we will drop a\nrule that maps to a non-deactivated element.\n\nRemoval happens in two steps, first we do a lookup for key k and return the\nto-be-removed element and mark it as inactive in the next generation.\nThen, in a second step, the element gets removed from the set/map.\n\nThe _remove function does not work correctly if we have more than one\nelement that share the same key.\n\nThis can happen if we insert an element into a set when the set already\nholds an element with same key, but the element mapping to the existing\nkey has timed out or is not active in the next generation.\n\nIn such case it\u0027s possible that removal will unmap the wrong element.\nIf this happens, we will leak the non-deactivated element, it becomes\nunreachable.\n\nThe element that got deactivated (and will be freed later) will\nremain reachable in the set data structure, this can result in\na crash when such an element is retrieved during lookup (stale\npointer).\n\nAdd a check that the fully matching key does in fact map to the element\nthat we have marked as inactive in the deactivation step.\nIf not, we need to continue searching.\n\nAdd a bug/warn trap at the end of the function as well, the remove\nfunction must not ever be called with an invisible/unreachable/non-existent\nelement.\n\nv2: avoid unneeded temporary variable (Stefano)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-26924",
          "url": "https://www.suse.com/security/cve/CVE-2024-26924"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1223387 for CVE-2024-26924",
          "url": "https://bugzilla.suse.com/1223387"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-26924"
    },
    {
      "cve": "CVE-2024-36915",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-36915"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: fix nfc_llcp_setsockopt() unsafe copies\n\nsyzbot reported unsafe calls to copy_from_sockptr() [1]\n\nUse copy_safe_from_sockptr() instead.\n\n[1]\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\nRead of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078\n\nCPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:88 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n  copy_from_sockptr include/linux/sockptr.h:55 [inline]\n  nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\n  do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311\n  __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n  __do_sys_setsockopt net/socket.c:2343 [inline]\n  __se_sys_setsockopt net/socket.c:2340 [inline]\n  __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfd/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7f7fac07fd89\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89\nRDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-36915",
          "url": "https://www.suse.com/security/cve/CVE-2024-36915"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1225758 for CVE-2024-36915",
          "url": "https://bugzilla.suse.com/1225758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-36915"
    },
    {
      "cve": "CVE-2024-42232",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-42232"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix race between delayed_work() and ceph_monc_stop()\n\nThe way the delayed work is handled in ceph_monc_stop() is prone to\nraces with mon_fault() and possibly also finish_hunting().  Both of\nthese can requeue the delayed work which wouldn\u0027t be canceled by any of\nthe following code in case that happens after cancel_delayed_work_sync()\nruns -- __close_session() doesn\u0027t mess with the delayed work in order\nto avoid interfering with the hunting interval logic.  This part was\nmissed in commit b5d91704f53e (\"libceph: behave in mon_fault() if\ncur_mon \u003c 0\") and use-after-free can still ensue on monc and objects\nthat hang off of it, with monc-\u003eauth and monc-\u003emonmap being\nparticularly susceptible to quickly being reused.\n\nTo fix this:\n\n- clear monc-\u003ecur_mon and monc-\u003ehunting as part of closing the session\n  in ceph_monc_stop()\n- bail from delayed_work() if monc-\u003ecur_mon is cleared, similar to how\n  it\u0027s done in mon_fault() and finish_hunting() (based on monc-\u003ehunting)\n- call cancel_delayed_work_sync() after the session is closed",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-42232",
          "url": "https://www.suse.com/security/cve/CVE-2024-42232"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228959 for CVE-2024-42232",
          "url": "https://bugzilla.suse.com/1228959"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229458 for CVE-2024-42232",
          "url": "https://bugzilla.suse.com/1229458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-42232"
    },
    {
      "cve": "CVE-2024-44934",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-44934"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn\u0027t\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n      CPU 1                   CPU 2\n start gc cycle           remove port\n                         acquire gc lock first\n wait for lock\n                         call br_multicasg_gc() directly\n acquire lock now but    free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n  Call Trace:\n   \u003cIRQ\u003e\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0xc3/0x620 mm/kasan/report.c:488\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n   expire_timers kernel/time/timer.c:1843 [inline]\n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n   __run_timer_base kernel/time/timer.c:2428 [inline]\n   __run_timer_base kernel/time/timer.c:2421 [inline]\n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-44934",
          "url": "https://www.suse.com/security/cve/CVE-2024-44934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229809 for CVE-2024-44934",
          "url": "https://bugzilla.suse.com/1229809"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-44934"
    },
    {
      "cve": "CVE-2024-47666",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-47666"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-47666",
          "url": "https://www.suse.com/security/cve/CVE-2024-47666"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1231453 for CVE-2024-47666",
          "url": "https://bugzilla.suse.com/1231453"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-47666"
    },
    {
      "cve": "CVE-2024-47678",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-47678"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: change the order of rate limits\n\nICMP messages are ratelimited :\n\nAfter the blamed commits, the two rate limiters are applied in this order:\n\n1) host wide ratelimit (icmp_global_allow())\n\n2) Per destination ratelimit (inetpeer based)\n\nIn order to avoid side-channels attacks, we need to apply\nthe per destination check first.\n\nThis patch makes the following change :\n\n1) icmp_global_allow() checks if the host wide limit is reached.\n   But credits are not yet consumed. This is deferred to 3)\n\n2) The per destination limit is checked/updated.\n   This might add a new node in inetpeer tree.\n\n3) icmp_global_consume() consumes tokens if prior operations succeeded.\n\nThis means that host wide ratelimit is still effective\nin keeping inetpeer tree small even under DDOS.\n\nAs a bonus, I removed icmp_global.lock as the fast path\ncan use a lock-free operation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-47678",
          "url": "https://www.suse.com/security/cve/CVE-2024-47678"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1231854 for CVE-2024-47678",
          "url": "https://bugzilla.suse.com/1231854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-47678"
    },
    {
      "cve": "CVE-2024-49944",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-49944"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n  KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n  RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n  Call Trace:\n   \u003cTASK\u003e\n   __sys_listen_socket net/socket.c:1883 [inline]\n   __sys_listen+0x1b7/0x230 net/socket.c:1894\n   __do_sys_listen net/socket.c:1902 [inline]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-49944",
          "url": "https://www.suse.com/security/cve/CVE-2024-49944"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232166 for CVE-2024-49944",
          "url": "https://bugzilla.suse.com/1232166"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-49944"
    },
    {
      "cve": "CVE-2024-49952",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-49952"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prevent nf_skb_duplicated corruption\n\nsyzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write\nper-cpu variable nf_skb_duplicated in an unsafe way [1].\n\nDisabling preemption as hinted by the splat is not enough,\nwe have to disable soft interrupts as well.\n\n[1]\nBUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316\n caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\nCPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49\n  nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\n  nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30\n  expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n  nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n  nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook+0x2c4/0x450 include/linux/netfilter.h:269\n  NF_HOOK_COND include/linux/netfilter.h:302 [inline]\n  ip_output+0x185/0x230 net/ipv4/ip_output.c:433\n  ip_local_out net/ipv4/ip_output.c:129 [inline]\n  ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495\n  udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981\n  udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737\n  __do_sys_sendmmsg net/socket.c:2766 
[inline]\n  __se_sys_sendmmsg net/socket.c:2763 [inline]\n  __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f4ce4f7def9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133\nRAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9\nRDX: 0000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006\nRBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68\n \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-49952",
          "url": "https://www.suse.com/security/cve/CVE-2024-49952"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232157 for CVE-2024-49952",
          "url": "https://bugzilla.suse.com/1232157"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-49952"
    },
    {
      "cve": "CVE-2024-50018",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50018"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50018",
          "url": "https://www.suse.com/security/cve/CVE-2024-50018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232419 for CVE-2024-50018",
          "url": "https://bugzilla.suse.com/1232419"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-50018"
    },
    {
      "cve": "CVE-2024-50143",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50143"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: fix uninit-value use in udf_get_fileshortad\n\nCheck for overflow when computing alen in udf_current_aext to mitigate\nlater uninit-value use in udf_get_fileshortad KMSAN bug[1].\nAfter applying the patch reproducer did not trigger any issue[2].\n\n[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df\n[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50143",
          "url": "https://www.suse.com/security/cve/CVE-2024-50143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233038 for CVE-2024-50143",
          "url": "https://bugzilla.suse.com/1233038"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50143"
    },
    {
      "cve": "CVE-2024-50154",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50154"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don\u0027t use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n  \"\"\"\n  We are seeing a use-after-free from a bpf prog attached to\n  trace_tcp_retransmit_synack. The program passes the req-\u003esk to the\n  bpf_sk_storage_get_tracing kernel helper which does check for null\n  before using it.\n  \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n  1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n     but del_timer_sync() is missed\n\n  2. reqsk timer is executed and scheduled again\n\n  3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n     reqsk timer still has another one, and inet_csk_accept() does not\n     clear req-\u003esk for non-TFO sockets\n\n  4. sk is close()d\n\n  5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet\u0027s not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. 
[1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50154",
          "url": "https://www.suse.com/security/cve/CVE-2024-50154"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233070 for CVE-2024-50154",
          "url": "https://bugzilla.suse.com/1233070"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233072 for CVE-2024-50154",
          "url": "https://bugzilla.suse.com/1233072"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-50154"
    },
    {
      "cve": "CVE-2024-50166",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50166"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsl/fman: Fix refcount handling of fman-related devices\n\nIn mac_probe() there are multiple calls to of_find_device_by_node(),\nfman_bind() and fman_port_bind() which takes references to of_dev-\u003edev.\nNot all references taken by these calls are released later on error path\nin mac_probe() and in mac_remove() which lead to reference leaks.\n\nAdd references release.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50166",
          "url": "https://www.suse.com/security/cve/CVE-2024-50166"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233050 for CVE-2024-50166",
          "url": "https://bugzilla.suse.com/1233050"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50166"
    },
    {
      "cve": "CVE-2024-50181",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50181"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50181",
          "url": "https://www.suse.com/security/cve/CVE-2024-50181"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233127 for CVE-2024-50181",
          "url": "https://bugzilla.suse.com/1233127"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50181"
    },
    {
      "cve": "CVE-2024-50202",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50202"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: propagate directory read errors from nilfs_find_entry()\n\nSyzbot reported that a task hang occurs in vcs_open() during a fuzzing\ntest for nilfs2.\n\nThe root cause of this problem is that in nilfs_find_entry(), which\nsearches for directory entries, ignores errors when loading a directory\npage/folio via nilfs_get_folio() fails.\n\nIf the filesystem images is corrupted, and the i_size of the directory\ninode is large, and the directory page/folio is successfully read but\nfails the sanity check, for example when it is zero-filled,\nnilfs_check_folio() may continue to spit out error messages in bursts.\n\nFix this issue by propagating the error to the callers when loading a\npage/folio fails in nilfs_find_entry().\n\nThe current interface of nilfs_find_entry() and its callers is outdated\nand cannot propagate error codes such as -EIO and -ENOMEM returned via\nnilfs_find_entry(), so fix it together.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50202",
          "url": "https://www.suse.com/security/cve/CVE-2024-50202"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233324 for CVE-2024-50202",
          "url": "https://bugzilla.suse.com/1233324"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50202"
    },
    {
      "cve": "CVE-2024-50211",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50211"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: refactor inode_bmap() to handle error\n\nRefactor inode_bmap() to handle error since udf_next_aext() can return\nerror now. On situations like ftruncate, udf_extend_file() can now\ndetect errors and bail out early without resorting to checking for\nparticular offsets and assuming internal behavior of these functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50211",
          "url": "https://www.suse.com/security/cve/CVE-2024-50211"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233096 for CVE-2024-50211",
          "url": "https://bugzilla.suse.com/1233096"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50211"
    },
    {
      "cve": "CVE-2024-50256",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50256"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()\n\nI got a syzbot report without a repro [1] crashing in nf_send_reset6()\n\nI think the issue is that dev-\u003ehard_header_len is zero, and we attempt\nlater to push an Ethernet header.\n\nUse LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c.\n\n[1]\n\nskbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCall Trace:\n \u003cTASK\u003e\n  skb_push+0xe5/0x100 net/core/skbuff.c:2636\n  eth_header+0x38/0x1f0 net/ethernet/eth.c:83\n  dev_hard_header include/linux/netdevice.h:3208 [inline]\n  nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358\n  nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48\n  expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n  nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n  nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK include/linux/netfilter.h:312 [inline]\n  br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]\n  br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424\n  __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562\n  __netif_receive_skb_one_core net/core/dev.c:5666 [inline]\n  __netif_receive_skb+0x12f/0x650 net/core/dev.c:5781\n  netif_receive_skb_internal net/core/dev.c:5867 [inline]\n  netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926\n  tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550\n  tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007\n  tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053\n  new_sync_write fs/read_write.c:590 [inline]\n  vfs_write+0xa6d/0xc90 fs/read_write.c:683\n  ksys_write+0x183/0x2b0 fs/read_write.c:736\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50256",
          "url": "https://www.suse.com/security/cve/CVE-2024-50256"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233200 for CVE-2024-50256",
          "url": "https://bugzilla.suse.com/1233200"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50256"
    },
    {
      "cve": "CVE-2024-50262",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50262"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix out-of-bounds write in trie_get_next_key()\n\ntrie_get_next_key() allocates a node stack with size trie-\u003emax_prefixlen,\nwhile it writes (trie-\u003emax_prefixlen + 1) nodes to the stack when it has\nfull paths from the root to leaves. For example, consider a trie with\nmax_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ...\n0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with\n.prefixlen = 8 make 9 nodes be written on the node stack with size 8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50262",
          "url": "https://www.suse.com/security/cve/CVE-2024-50262"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233239 for CVE-2024-50262",
          "url": "https://bugzilla.suse.com/1233239"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50262"
    },
    {
      "cve": "CVE-2024-50278",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50278"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix potential out-of-bounds access on the first resume\n\nOut-of-bounds access occurs if the fast device is expanded unexpectedly\nbefore the first-time resume of the cache table. This happens because\nexpanding the fast device requires reloading the cache table for\ncache_create to allocate new in-core data structures that fit the new\nsize, and the check in cache_preresume is not performed during the\nfirst resume, leading to the issue.\n\nReproduce steps:\n\n1. prepare component devices:\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\n\n2. load a cache table of 512 cache blocks, and deliberately expand the\n   fast device before resuming the cache, making the in-core data\n   structures inadequate.\n\ndmsetup create cache --notable\ndmsetup reload cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\ndmsetup reload cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\n3. suspend the cache to write out the in-core dirty bitset and hint\n   array, leading to out-of-bounds access to the dirty bitset at offset\n   0x40:\n\ndmsetup suspend cache\n\nKASAN reports:\n\n  BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80\n  Read of size 8 at addr ffffc90000085040 by task dmsetup/90\n\n  (...snip...)\n  The buggy address belongs to the virtual mapping at\n   [ffffc90000085000, ffffc90000087000) created by:\n   cache_ctr+0x176a/0x35f0\n\n  (...snip...)\n  Memory state around the buggy address:\n   ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n   ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n  \u003effffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8\n                                             ^\n   ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n   ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by checking the size change on the first resume.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50278",
          "url": "https://www.suse.com/security/cve/CVE-2024-50278"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233467 for CVE-2024-50278",
          "url": "https://bugzilla.suse.com/1233467"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233709 for CVE-2024-50278",
          "url": "https://bugzilla.suse.com/1233709"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50278"
    },
    {
      "cve": "CVE-2024-50279",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50279"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n   access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n  BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n  Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n  (...snip...)\n  The buggy address belongs to the virtual mapping at\n   [ffffc900000f3000, ffffc900000f5000) created by:\n   cache_ctr+0x176a/0x35f0\n\n  (...snip...)\n  Memory state around the buggy address:\n   ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n   ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n                     ^\n   ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n   ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50279",
          "url": "https://www.suse.com/security/cve/CVE-2024-50279"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233468 for CVE-2024-50279",
          "url": "https://bugzilla.suse.com/1233468"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233708 for CVE-2024-50279",
          "url": "https://bugzilla.suse.com/1233708"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-50279"
    },
    {
      "cve": "CVE-2024-50280",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50280"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix flushing uninitialized delayed_work on cache_ctr error\n\nAn unexpected WARN_ON from flush_work() may occur when cache creation\nfails, caused by destroying the uninitialized delayed_work waker in the\nerror path of cache_create(). For example, the warning appears on the\nsuperblock checksum error.\n\nReproduce steps:\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\nKernel logs:\n\n(snip)\nWARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890\n\nFix by pulling out the cancel_delayed_work_sync() from the constructor\u0027s\nerror path. This patch doesn\u0027t affect the use-after-free fix for\nconcurrent dm_resume and dm_destroy (commit 6a459d8edbdb (\"dm cache: Fix\nUAF in destroy()\")) as cache_dtr is not changed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50280",
          "url": "https://www.suse.com/security/cve/CVE-2024-50280"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233469 for CVE-2024-50280",
          "url": "https://bugzilla.suse.com/1233469"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50280"
    },
    {
      "cve": "CVE-2024-50296",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50296"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670]  klist_put+0x28/0x12c\n[15278.138682][T50670]  klist_del+0x14/0x20\n[15278.142592][T50670]  device_del+0xbc/0x3c0\n[15278.146676][T50670]  pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670]  pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670]  pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670]  sriov_disable+0x50/0x11c\n[15278.166829][T50670]  pci_disable_sriov+0x24/0x30\n[15278.171433][T50670]  hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670]  hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670]  __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670]  __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670]  invoke_syscall+0x50/0x11c\n[15278.198278][T50670]  el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670]  do_el0_svc+0x34/0xcc\n[15278.207834][T50670]  el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n     rmmod hclge              disable VFs\n----------------------------------------------------\nhclge_exit()            sriov_numvfs_store()\n  ...                     device_lock()\n  pci_disable_sriov()     hns3_pci_sriov_configure()\n                            pci_disable_sriov()\n                              sriov_disable()\n    sriov_disable()             if !num_VFs :\n      if !num_VFs :               return;\n        return;                 sriov_del_vfs()\n      sriov_del_vfs()             ...\n        ...                       klist_put()\n        klist_put()               ...\n        ...                     num_VFs = 0;\n      num_VFs = 0;        device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50296",
          "url": "https://www.suse.com/security/cve/CVE-2024-50296"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233485 for CVE-2024-50296",
          "url": "https://bugzilla.suse.com/1233485"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50296"
    },
    {
      "cve": "CVE-2024-53051",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53051"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53051",
          "url": "https://www.suse.com/security/cve/CVE-2024-53051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233547 for CVE-2024-53051",
          "url": "https://bugzilla.suse.com/1233547"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53051"
    },
    {
      "cve": "CVE-2024-53055",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53055"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53055",
          "url": "https://www.suse.com/security/cve/CVE-2024-53055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233550 for CVE-2024-53055",
          "url": "https://bugzilla.suse.com/1233550"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53055"
    },
    {
      "cve": "CVE-2024-53056",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53056"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53056",
          "url": "https://www.suse.com/security/cve/CVE-2024-53056"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233568 for CVE-2024-53056",
          "url": "https://bugzilla.suse.com/1233568"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53056"
    },
    {
      "cve": "CVE-2024-53064",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53064"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53064",
          "url": "https://www.suse.com/security/cve/CVE-2024-53064"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233558 for CVE-2024-53064",
          "url": "https://bugzilla.suse.com/1233558"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53064"
    },
    {
      "cve": "CVE-2024-53072",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53072"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53072",
          "url": "https://www.suse.com/security/cve/CVE-2024-53072"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233564 for CVE-2024-53072",
          "url": "https://bugzilla.suse.com/1233564"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53072"
    },
    {
      "cve": "CVE-2024-53090",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53090"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix lock recursion\n\nafs_wake_up_async_call() can incur lock recursion.  The problem is that it\nis called from AF_RXRPC whilst holding the -\u003enotify_lock, but it tries to\ntake a ref on the afs_call struct in order to pass it to a work queue - but\nif the afs_call is already queued, we then have an extraneous ref that must\nbe put... calling afs_put_call() may call back down into AF_RXRPC through\nrxrpc_kernel_shutdown_call(), however, which might try taking the\n-\u003enotify_lock again.\n\nThis case isn\u0027t very common, however, so defer it to a workqueue.  The oops\nlooks something like:\n\n  BUG: spinlock recursion on CPU#0, krxrpcio/7001/1646\n   lock: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0\n  CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 Not tainted 6.12.0-rc2-build3+ #4351\n  Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x47/0x70\n   do_raw_spin_lock+0x3c/0x90\n   rxrpc_kernel_shutdown_call+0x83/0xb0\n   afs_put_call+0xd7/0x180\n   rxrpc_notify_socket+0xa0/0x190\n   rxrpc_input_split_jumbo+0x198/0x1d0\n   rxrpc_input_data+0x14b/0x1e0\n   ? rxrpc_input_call_packet+0xc2/0x1f0\n   rxrpc_input_call_event+0xad/0x6b0\n   rxrpc_input_packet_on_conn+0x1e1/0x210\n   rxrpc_input_packet+0x3f2/0x4d0\n   rxrpc_io_thread+0x243/0x410\n   ? __pfx_rxrpc_io_thread+0x10/0x10\n   kthread+0xcf/0xe0\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x24/0x40\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53090",
          "url": "https://www.suse.com/security/cve/CVE-2024-53090"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233637 for CVE-2024-53090",
          "url": "https://bugzilla.suse.com/1233637"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53090"
    },
    {
      "cve": "CVE-2024-53101",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53101"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized value issue in from_kuid and from_kgid\n\nocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in\na trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren\u0027t set.\n\nInitialize all fields of newattrs to avoid uninitialized variables, by\nchecking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53101",
          "url": "https://www.suse.com/security/cve/CVE-2024-53101"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233769 for CVE-2024-53101",
          "url": "https://bugzilla.suse.com/1233769"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53101"
    },
    {
      "cve": "CVE-2024-53113",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53113"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix NULL pointer dereference in alloc_pages_bulk_noprof\n\nWe triggered a NULL pointer dereference for ac.preferred_zoneref-\u003ezone in\nalloc_pages_bulk_noprof() when the task is migrated between cpusets.\n\nWhen cpuset is enabled, in prepare_alloc_pages(), ac-\u003enodemask may be\n\u0026current-\u003emems_allowed.  when first_zones_zonelist() is called to find\npreferred_zoneref, the ac-\u003enodemask may be modified concurrently if the\ntask is migrated between different cpusets.  Assuming we have 2 NUMA Node,\nwhen traversing Node1 in ac-\u003ezonelist, the nodemask is 2, and when\ntraversing Node2 in ac-\u003ezonelist, the nodemask is 1.  As a result, the\nac-\u003epreferred_zoneref points to NULL zone.\n\nIn alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a\nallowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading\nto NULL pointer dereference.\n\n__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit\nea57485af8f4 (\"mm, page_alloc: fix check for NULL preferred_zone\") and\ncommit df76cee6bbeb (\"mm, page_alloc: remove redundant checks from alloc\nfastpath\").\n\nTo fix it, check NULL pointer for preferred_zoneref-\u003ezone.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53113",
          "url": "https://www.suse.com/security/cve/CVE-2024-53113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234077 for CVE-2024-53113",
          "url": "https://bugzilla.suse.com/1234077"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53113"
    },
    {
      "cve": "CVE-2024-53114",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53114"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client\n\nA number of Zen4 client SoCs advertise the ability to use virtualized\nVMLOAD/VMSAVE, but using these instructions is reported to be a cause\nof a random host reboot.\n\nThese instructions aren\u0027t intended to be advertised on Zen4 client\nso clear the capability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53114",
          "url": "https://www.suse.com/security/cve/CVE-2024-53114"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234072 for CVE-2024-53114",
          "url": "https://bugzilla.suse.com/1234072"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53114"
    },
    {
      "cve": "CVE-2024-53119",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53119"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Fix accept_queue memory leak\n\nAs the final stages of socket destruction may be delayed, it is possible\nthat virtio_transport_recv_listen() will be called after the accept_queue\nhas been flushed, but before the SOCK_DONE flag has been set. As a result,\nsockets enqueued after the flush would remain unremoved, leading to a\nmemory leak.\n\nvsock_release\n  __vsock_release\n    lock\n    virtio_transport_release\n      virtio_transport_close\n        schedule_delayed_work(close_work)\n    sk_shutdown = SHUTDOWN_MASK\n(!) flush accept_queue\n    release\n                                        virtio_transport_recv_pkt\n                                          vsock_find_bound_socket\n                                          lock\n                                          if flag(SOCK_DONE) return\n                                          virtio_transport_recv_listen\n                                            child = vsock_create_connected\n                                      (!)   vsock_enqueue_accept(child)\n                                          release\nclose_work\n  lock\n  virtio_transport_do_close\n    set_flag(SOCK_DONE)\n    virtio_transport_remove_sock\n      vsock_remove_sock\n        vsock_remove_bound\n  release\n\nIntroduce a sk_shutdown check to disallow vsock_enqueue_accept() during\nsocket destruction.\n\nunreferenced object 0xffff888109e3f800 (size 2040):\n  comm \"kworker/5:2\", pid 371, jiffies 4294940105\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00  (..@............\n  backtrace (crc 9e5f4e84):\n    [\u003cffffffff81418ff1\u003e] kmem_cache_alloc_noprof+0x2c1/0x360\n    [\u003cffffffff81d27aa0\u003e] sk_prot_alloc+0x30/0x120\n    [\u003cffffffff81d2b54c\u003e] sk_alloc+0x2c/0x4b0\n    [\u003cffffffff81fe049a\u003e] __vsock_create.constprop.0+0x2a/0x310\n    [\u003cffffffff81fe6d6c\u003e] virtio_transport_recv_pkt+0x4dc/0x9a0\n    [\u003cffffffff81fe745d\u003e] vsock_loopback_work+0xfd/0x140\n    [\u003cffffffff810fc6ac\u003e] process_one_work+0x20c/0x570\n    [\u003cffffffff810fce3f\u003e] worker_thread+0x1bf/0x3a0\n    [\u003cffffffff811070dd\u003e] kthread+0xdd/0x110\n    [\u003cffffffff81044fdd\u003e] ret_from_fork+0x2d/0x50\n    [\u003cffffffff8100785a\u003e] ret_from_fork_asm+0x1a/0x30",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53119",
          "url": "https://www.suse.com/security/cve/CVE-2024-53119"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234073 for CVE-2024-53119",
          "url": "https://bugzilla.suse.com/1234073"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53119"
    },
    {
      "cve": "CVE-2024-53120",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53120"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT: Fix null-ptr-deref in add rule err flow\n\nIn error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add()\ncallback returns error, zone_rule-\u003eattr is used uninitiated. Fix it to\nuse attr which has the needed pointer value.\n\nKernel log:\n BUG: kernel NULL pointer dereference, address: 0000000000000110\n RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n\u2026\n Call Trace:\n  \u003cTASK\u003e\n  ? __die+0x20/0x70\n  ? page_fault_oops+0x150/0x3e0\n  ? exc_page_fault+0x74/0x140\n  ? asm_exc_page_fault+0x22/0x30\n  ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n  ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core]\n  mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core]\n  ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n  nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n  flow_offload_work_handler+0x142/0x320 [nf_flow_table]\n  ? finish_task_switch.isra.0+0x15b/0x2b0\n  process_one_work+0x16c/0x320\n  worker_thread+0x28c/0x3a0\n  ? __pfx_worker_thread+0x10/0x10\n  kthread+0xb8/0xf0\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x2d/0x50\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53120",
          "url": "https://www.suse.com/security/cve/CVE-2024-53120"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234075 for CVE-2024-53120",
          "url": "https://bugzilla.suse.com/1234075"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53120"
    },
    {
      "cve": "CVE-2024-53122",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53122"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\n\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\n\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\n\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53122",
          "url": "https://www.suse.com/security/cve/CVE-2024-53122"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234076 for CVE-2024-53122",
          "url": "https://bugzilla.suse.com/1234076"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53122"
    },
    {
      "cve": "CVE-2024-53125",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53125"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n  0: call bpf_ktime_get_ns                   call bpf_ktime_get_ns\n  1: r0 \u0026= 0x7fffffff       after verifier   r0 \u0026= 0x7fffffff\n  2: w1 = w0                rewrites         w1 = w0\n  3: if w0 \u003c 10 goto +0     --------------\u003e  r11 = 0x2f5674a6     (r)\n  4: r1 \u003e\u003e= 32                               r11 \u003c\u003c= 32           (r)\n  5: r0 = r1                                 r1 |= r11            (r)\n  6: exit;                                   if w0 \u003c 0xa goto pc+0\n                                             r1 \u003e\u003e= 32\n                                             r0 = r1\n                                             exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n  for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n  value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53125",
          "url": "https://www.suse.com/security/cve/CVE-2024-53125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234156 for CVE-2024-53125",
          "url": "https://bugzilla.suse.com/1234156"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53125"
    },
    {
      "cve": "CVE-2024-53130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n\nWhen using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty()\nmay cause a NULL pointer dereference, or a general protection fault when\nKASAN is enabled.\n\nThis happens because, since the tracepoint was added in\nmark_buffer_dirty(), it references the dev_t member bh-\u003eb_bdev-\u003ebd_dev\nregardless of whether the buffer head has a pointer to a block_device\nstructure.\n\nIn the current implementation, nilfs_grab_buffer(), which grabs a buffer\nto read (or create) a block of metadata, including b-tree node blocks,\ndoes not set the block device, but instead does so only if the buffer is\nnot in the \"uptodate\" state for each of its caller block reading\nfunctions.  However, if the uptodate flag is set on a folio/page, and the\nbuffer heads are detached from it by try_to_free_buffers(), and new buffer\nheads are then attached by create_empty_buffers(), the uptodate flag may\nbe restored to each buffer without the block device being set to\nbh-\u003eb_bdev, and mark_buffer_dirty() may be called later in that state,\nresulting in the bug mentioned above.\n\nFix this issue by making nilfs_grab_buffer() always set the block device\nof the super block structure to the buffer head, regardless of the state\nof the buffer\u0027s uptodate flag.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53130",
          "url": "https://www.suse.com/security/cve/CVE-2024-53130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234219 for CVE-2024-53130",
          "url": "https://bugzilla.suse.com/1234219"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53130"
    },
    {
      "cve": "CVE-2024-53131",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53131"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_touch_buffer tracepoint\n\nPatch series \"nilfs2: fix null-ptr-deref bugs on block tracepoints\".\n\nThis series fixes null pointer dereference bugs that occur when using\nnilfs2 and two block-related tracepoints.\n\n\nThis patch (of 2):\n\nIt has been reported that when using \"block:block_touch_buffer\"\ntracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a\nNULL pointer dereference, or a general protection fault when KASAN is\nenabled.\n\nThis happens because since the tracepoint was added in touch_buffer(), it\nreferences the dev_t member bh-\u003eb_bdev-\u003ebd_dev regardless of whether the\nbuffer head has a pointer to a block_device structure.  In the current\nimplementation, the block_device structure is set after the function\nreturns to the caller.\n\nHere, touch_buffer() is used to mark the folio/page that owns the buffer\nhead as accessed, but the common search helper for folio/page used by the\ncaller function was optimized to mark the folio/page as accessed when it\nwas reimplemented a long time ago, eliminating the need to call\ntouch_buffer() here in the first place.\n\nSo this solves the issue by eliminating the touch_buffer() call itself.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53131",
          "url": "https://www.suse.com/security/cve/CVE-2024-53131"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234220 for CVE-2024-53131",
          "url": "https://bugzilla.suse.com/1234220"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53131"
    },
    {
      "cve": "CVE-2024-53142",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53142"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninitramfs: avoid filename buffer overrun\n\nThe initramfs filename field is defined in\nDocumentation/driver-api/early-userspace/buffer-format.rst as:\n\n 37 cpio_file := ALGN(4) + cpio_header + filename + \"\\0\" + ALGN(4) + data\n...\n 55 ============= ================== =========================\n 56 Field name    Field size         Meaning\n 57 ============= ================== =========================\n...\n 70 c_namesize    8 bytes            Length of filename, including final \\0\n\nWhen extracting an initramfs cpio archive, the kernel\u0027s do_name() path\nhandler assumes a zero-terminated path at @collected, passing it\ndirectly to filp_open() / init_mkdir() / init_mknod().\n\nIf a specially crafted cpio entry carries a non-zero-terminated filename\nand is followed by uninitialized memory, then a file may be created with\ntrailing characters that represent the uninitialized memory. The ability\nto create an initramfs entry would imply already having full control of\nthe system, so the buffer overrun shouldn\u0027t be considered a security\nvulnerability.\n\nAppend the output of the following bash script to an existing initramfs\nand observe any created /initramfs_test_fname_overrunAA* path. E.g.\n  ./reproducer.sh | gzip \u003e\u003e /myinitramfs\n\nIt\u0027s easiest to observe non-zero uninitialized memory when the output is\ngzipped, as it\u0027ll overflow the heap allocated @out_buf in __gunzip(),\nrather than the initrd_start+initrd_size block.\n\n---- reproducer.sh ----\nnilchar=\"A\"\t# change to \"\\0\" to properly zero terminate / pad\nmagic=\"070701\"\nino=1\nmode=$(( 0100777 ))\nuid=0\ngid=0\nnlink=1\nmtime=1\nfilesize=0\ndevmajor=0\ndevminor=1\nrdevmajor=0\nrdevminor=0\ncsum=0\nfname=\"initramfs_test_fname_overrun\"\nnamelen=$(( ${#fname} + 1 ))\t# plus one to account for terminator\n\nprintf \"%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s\" \\\n\t$magic $ino $mode $uid $gid $nlink $mtime $filesize \\\n\t$devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname\n\ntermpadlen=$(( 1 + ((4 - ((110 + $namelen) \u0026 3)) % 4) ))\nprintf \"%.s${nilchar}\" $(seq 1 $termpadlen)\n---- reproducer.sh ----\n\nSymlink filename fields handled in do_symlink() won\u0027t overrun past the\ndata segment, due to the explicit zero-termination of the symlink\ntarget.\n\nFix filename buffer overrun by aborting the initramfs FSM if any cpio\nentry doesn\u0027t carry a zero-terminator at the expected (name_len - 1)\noffset.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53142",
          "url": "https://www.suse.com/security/cve/CVE-2024-53142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232436 for CVE-2024-53142",
          "url": "https://bugzilla.suse.com/1232436"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53142"
    },
    {
      "cve": "CVE-2024-53146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Prevent a potential integer overflow\n\nIf the tag length is \u003e= U32_MAX - 3 then the \"length + 4\" addition\ncan result in an integer overflow. Address this by splitting the\ndecoding into several steps so that decode_cb_compound4res() does\nnot have to perform arithmetic on the unsafe length value.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53146",
          "url": "https://www.suse.com/security/cve/CVE-2024-53146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234853 for CVE-2024-53146",
          "url": "https://bugzilla.suse.com/1234853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234854 for CVE-2024-53146",
          "url": "https://bugzilla.suse.com/1234854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53146"
    },
    {
      "cve": "CVE-2024-53150",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53150"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out of bounds reads when finding clock sources\n\nThe current USB-audio driver code doesn\u0027t check bLength of each\ndescriptor at traversing for clock descriptors.  That is, when a\ndevice provides a bogus descriptor with a shorter bLength, the driver\nmight hit out-of-bounds reads.\n\nFor addressing it, this patch adds sanity checks to the validator\nfunctions for the clock descriptor traversal.  When the descriptor\nlength is shorter than expected, it\u0027s skipped in the loop.\n\nFor the clock source and clock multiplier descriptors, we can just\ncheck bLength against the sizeof() of each descriptor type.\nOTOH, the clock selector descriptor of UAC2 and UAC3 has an array\nof bNrInPins elements and two more fields at its tail, hence those\nhave to be checked in addition to the sizeof() check.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53150",
          "url": "https://www.suse.com/security/cve/CVE-2024-53150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234834 for CVE-2024-53150",
          "url": "https://bugzilla.suse.com/1234834"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53150"
    },
    {
      "cve": "CVE-2024-53156",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53156"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()\n\nI found the following bug in my fuzzer:\n\n  UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51\n  index 255 is out of range for type \u0027htc_endpoint [22]\u0027\n  CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  Workqueue: events request_firmware_work_func\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x180/0x1b0\n   __ubsan_handle_out_of_bounds+0xd4/0x130\n   htc_issue_send.constprop.0+0x20c/0x230\n   ? _raw_spin_unlock_irqrestore+0x3c/0x70\n   ath9k_wmi_cmd+0x41d/0x610\n   ? mark_held_locks+0x9f/0xe0\n   ...\n\nSince this bug has been confirmed to be caused by insufficient verification\nof conn_rsp_epid, I think it would be appropriate to add a range check for\nconn_rsp_epid to htc_connect_service() to prevent the bug from occurring.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53156",
          "url": "https://www.suse.com/security/cve/CVE-2024-53156"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234846 for CVE-2024-53156",
          "url": "https://bugzilla.suse.com/1234846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234847 for CVE-2024-53156",
          "url": "https://bugzilla.suse.com/1234847"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234853 for CVE-2024-53156",
          "url": "https://bugzilla.suse.com/1234853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53156"
    },
    {
      "cve": "CVE-2024-53157",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53157"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Check the DVFS OPP count returned by the firmware\n\nFix a kernel crash with the below call trace when the SCPI firmware\nreturns OPP count of zero.\n\ndvfs_info.opp_count may be zero on some platforms during the reboot\ntest, and the kernel will crash after dereferencing the pointer to\nkcalloc(info-\u003ecount, sizeof(*opp), GFP_KERNEL).\n\n  |  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028\n  |  Mem abort info:\n  |    ESR = 0x96000004\n  |    Exception class = DABT (current EL), IL = 32 bits\n  |    SET = 0, FnV = 0\n  |    EA = 0, S1PTW = 0\n  |  Data abort info:\n  |    ISV = 0, ISS = 0x00000004\n  |    CM = 0, WnR = 0\n  |  user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c\n  |  [0000000000000028] pgd=0000000000000000\n  |  Internal error: Oops: 96000004 [#1] SMP\n  |  scpi-hwmon: probe of PHYT000D:00 failed with error -110\n  |  Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c)\n  |  CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1\n  |  Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS\n  |  pstate: 60000005 (nZCv daif -PAN -UAO)\n  |  pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi]\n  |  lr : clk_register+0x438/0x720\n  |  Call trace:\n  |   scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi]\n  |   devm_clk_hw_register+0x50/0xa0\n  |   scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi]\n  |   scpi_clocks_probe+0x528/0x70c [clk_scpi]\n  |   platform_drv_probe+0x58/0xa8\n  |   really_probe+0x260/0x3d0\n  |   driver_probe_device+0x12c/0x148\n  |   device_driver_attach+0x74/0x98\n  |   __driver_attach+0xb4/0xe8\n  |   bus_for_each_dev+0x88/0xe0\n  |   driver_attach+0x30/0x40\n  |   bus_add_driver+0x178/0x2b0\n  |   driver_register+0x64/0x118\n  |   __platform_driver_register+0x54/0x60\n  |   scpi_clocks_driver_init+0x24/0x1000 [clk_scpi]\n  |   do_one_initcall+0x54/0x220\n  |   do_init_module+0x54/0x1c8\n  |   load_module+0x14a4/0x1668\n  |   __se_sys_finit_module+0xf8/0x110\n  |   __arm64_sys_finit_module+0x24/0x30\n  |   el0_svc_common+0x78/0x170\n  |   el0_svc_handler+0x38/0x78\n  |   el0_svc+0x8/0x340\n  |  Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820)\n  |  ---[ end trace 06feb22469d89fa8 ]---\n  |  Kernel panic - not syncing: Fatal exception\n  |  SMP: stopping secondary CPUs\n  |  Kernel Offset: disabled\n  |  CPU features: 0x10,a0002008\n  |  Memory Limit: none",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53157",
          "url": "https://www.suse.com/security/cve/CVE-2024-53157"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234827 for CVE-2024-53157",
          "url": "https://bugzilla.suse.com/1234827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53157"
    },
    {
      "cve": "CVE-2024-53158",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53158"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()\n\nThis loop is supposed to break if the frequency returned from\nclk_round_rate() is the same as on the previous iteration.  However,\nthat check doesn\u0027t make sense on the first iteration through the loop.\nIt leads to reading before the start of these-\u003eclk_perf_tbl[] array.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53158",
          "url": "https://www.suse.com/security/cve/CVE-2024-53158"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234811 for CVE-2024-53158",
          "url": "https://bugzilla.suse.com/1234811"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53158"
    },
    {
      "cve": "CVE-2024-53161",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53161"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/bluefield: Fix potential integer overflow\n\nThe 64-bit argument for the \"get DIMM info\" SMC call consists of mem_ctrl_idx\nleft-shifted 16 bits and OR-ed with DIMM index.  With mem_ctrl_idx defined as\n32-bits wide the left-shift operation truncates the upper 16 bits of\ninformation during the calculation of the SMC argument.\n\nThe mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any\npotential integer overflow, i.e. loss of data from upper 16 bits.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53161",
          "url": "https://www.suse.com/security/cve/CVE-2024-53161"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234856 for CVE-2024-53161",
          "url": "https://bugzilla.suse.com/1234856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53161"
    },
    {
      "cve": "CVE-2024-53162",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53162"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_4xxx - fix off by one in uof_get_name()\n\nThe fw_objs[] array has \"num_objs\" elements so the \u003e needs to be \u003e= to\nprevent an out of bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53162",
          "url": "https://www.suse.com/security/cve/CVE-2024-53162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234843 for CVE-2024-53162",
          "url": "https://bugzilla.suse.com/1234843"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53162"
    },
    {
      "cve": "CVE-2024-53173",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53173"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53173",
          "url": "https://www.suse.com/security/cve/CVE-2024-53173"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234853 for CVE-2024-53173",
          "url": "https://bugzilla.suse.com/1234853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234891 for CVE-2024-53173",
          "url": "https://bugzilla.suse.com/1234891"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234892 for CVE-2024-53173",
          "url": "https://bugzilla.suse.com/1234892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53173"
    },
    {
      "cve": "CVE-2024-53179",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53179"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free of signing key\n\nCustomers have reported use-after-free in @ses-\u003eauth_key.response with\nSMB2.1 + sign mounts which occurs due to following race:\n\ntask A                         task B\ncifs_mount()\n dfs_mount_share()\n  get_session()\n   cifs_mount_get_session()    cifs_send_recv()\n    cifs_get_smb_ses()          compound_send_recv()\n     cifs_setup_session()        smb2_setup_request()\n      kfree_sensitive()           smb2_calc_signature()\n                                   crypto_shash_setkey() *UAF*\n\nFix this by ensuring that we have a valid @ses-\u003eauth_key.response by\nchecking whether @ses-\u003eses_status is SES_GOOD or SES_EXITING with\n@ses-\u003eses_lock held.  After commit 24a9799aa8ef (\"smb: client: fix UAF\nin smb2_reconnect_server()\"), we made sure to call -\u003elogoff() only\nwhen @ses was known to be good (e.g. valid -\u003eauth_key.response), so\nit\u0027s safe to access signing key when @ses-\u003eses_status == SES_EXITING.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53179",
          "url": "https://www.suse.com/security/cve/CVE-2024-53179"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234921 for CVE-2024-53179",
          "url": "https://bugzilla.suse.com/1234921"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234927 for CVE-2024-53179",
          "url": "https://bugzilla.suse.com/1234927"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53179"
    },
    {
      "cve": "CVE-2024-53206",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53206"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix use-after-free of nreq in reqsk_timer_handler().\n\nThe cited commit replaced inet_csk_reqsk_queue_drop_and_put() with\n__inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler().\n\nThen, oreq should be passed to reqsk_put() instead of req; otherwise\nuse-after-free of nreq could happen when reqsk is migrated but the\nretry attempt failed (e.g. due to timeout).\n\nLet\u0027s pass oreq to reqsk_put().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53206",
          "url": "https://www.suse.com/security/cve/CVE-2024-53206"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234960 for CVE-2024-53206",
          "url": "https://bugzilla.suse.com/1234960"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53206"
    },
    {
      "cve": "CVE-2024-53210",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53210"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()\n\nPassing MSG_PEEK flag to skb_recv_datagram() increments skb refcount\n(skb-\u003eusers) and iucv_sock_recvmsg() does not decrement skb refcount\nat exit.\nThis results in skb memory leak in skb_queue_purge() and WARN_ON in\niucv_sock_destruct() during socket close. To fix this decrease\nskb refcount by one if MSG_PEEK is set in order to prevent memory\nleak and WARN_ON.\n\nWARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv]\nCPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G        W          6.10.0-rc7 #1\nHardware name: IBM 3931 A01 704 (z/VM 7.3.0)\nCall Trace:\n        [\u003c001587c682c4aa98\u003e] iucv_sock_destruct+0x148/0x1a0 [af_iucv]\n        [\u003c001587c682c4a9d0\u003e] iucv_sock_destruct+0x80/0x1a0 [af_iucv]\n        [\u003c001587c704117a32\u003e] __sk_destruct+0x52/0x550\n        [\u003c001587c704104a54\u003e] __sock_release+0xa4/0x230\n        [\u003c001587c704104c0c\u003e] sock_close+0x2c/0x40\n        [\u003c001587c702c5f5a8\u003e] __fput+0x2e8/0x970\n        [\u003c001587c7024148c4\u003e] task_work_run+0x1c4/0x2c0\n        [\u003c001587c7023b0716\u003e] do_exit+0x996/0x1050\n        [\u003c001587c7023b13aa\u003e] do_group_exit+0x13a/0x360\n        [\u003c001587c7023b1626\u003e] __s390x_sys_exit_group+0x56/0x60\n        [\u003c001587c7022bccca\u003e] do_syscall+0x27a/0x380\n        [\u003c001587c7049a6a0c\u003e] __do_syscall+0x9c/0x160\n        [\u003c001587c7049ce8a8\u003e] system_call+0x70/0x98\n        Last Breaking-Event-Address:\n        [\u003c001587c682c4a9d4\u003e] iucv_sock_destruct+0x84/0x1a0 [af_iucv]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53210",
          "url": "https://www.suse.com/security/cve/CVE-2024-53210"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234971 for CVE-2024-53210",
          "url": "https://bugzilla.suse.com/1234971"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53210"
    },
    {
      "cve": "CVE-2024-53213",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53213"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix double free issue with interrupt buffer allocation\n\nIn lan78xx_probe(), the buffer `buf` was being freed twice: once\nimplicitly through `usb_free_urb(dev-\u003eurb_intr)` with the\n`URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused\na double free issue.\n\nTo resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to\nsimplify the initialization sequence and removed the redundant\n`kfree(buf)`.  Now, `buf` is allocated after `usb_alloc_urb()`, ensuring\nit is correctly managed by  `usb_fill_int_urb()` and freed by\n`usb_free_urb()` as intended.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53213",
          "url": "https://www.suse.com/security/cve/CVE-2024-53213"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234973 for CVE-2024-53213",
          "url": "https://bugzilla.suse.com/1234973"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53213"
    },
    {
      "cve": "CVE-2024-53214",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53214"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Properly hide first-in-list PCIe extended capability\n\nThere are cases where a PCIe extended capability should be hidden from\nthe user. For example, an unknown capability (i.e., capability with ID\ngreater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally\nchosen to be hidden from the user.\n\nHiding a capability is done by virtualizing and modifying the \u0027Next\nCapability Offset\u0027 field of the previous capability so it points to the\ncapability after the one that should be hidden.\n\nThe special case where the first capability in the list should be hidden\nis handled differently because there is no previous capability that can\nbe modified. In this case, the capability ID and version are zeroed\nwhile leaving the next pointer intact. This hides the capability and\nleaves an anchor for the rest of the capability list.\n\nHowever, today, hiding the first capability in the list is not done\nproperly if the capability is unknown, as struct\nvfio_pci_core_device-\u003epci_config_map is set to the capability ID during\ninitialization but the capability ID is not properly checked later when\nused in vfio_config_do_rw(). This leads to the following warning [1] and\nto an out-of-bounds access to ecap_perms array.\n\nFix it by checking cap_id in vfio_config_do_rw(), and if it is greater\nthan PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct\nread only access instead of the ecap_perms array.\n\nNote that this is safe since the above is the only case where cap_id can\nexceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which\nare already checked before).\n\n[1]\n\nWARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\nCPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1\n(snip)\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x69/0x80\n ? __warn+0x8d/0x140\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? report_bug+0x18f/0x1a0\n ? handle_bug+0x63/0xa0\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core]\n vfio_pci_rw+0x101/0x1b0 [vfio_pci_core]\n vfio_pci_core_read+0x1d/0x30 [vfio_pci_core]\n vfio_device_fops_read+0x27/0x40 [vfio]\n vfs_read+0xbd/0x340\n ? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio]\n ? __rseq_handle_notify_resume+0xa4/0x4b0\n __x64_sys_pread64+0x96/0xc0\n x64_sys_call+0x1c3d/0x20d0\n do_syscall_64+0x4d/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53214",
          "url": "https://www.suse.com/security/cve/CVE-2024-53214"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235004 for CVE-2024-53214",
          "url": "https://bugzilla.suse.com/1235004"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235005 for CVE-2024-53214",
          "url": "https://bugzilla.suse.com/1235005"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53214"
    },
    {
      "cve": "CVE-2024-53239",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53239"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort().  But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nTo avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53239",
          "url": "https://www.suse.com/security/cve/CVE-2024-53239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234853 for CVE-2024-53239",
          "url": "https://bugzilla.suse.com/1234853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235054 for CVE-2024-53239",
          "url": "https://bugzilla.suse.com/1235054"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235055 for CVE-2024-53239",
          "url": "https://bugzilla.suse.com/1235055"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53239"
    },
    {
      "cve": "CVE-2024-53240",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53240"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: fix crash when removing device\n\nWhen removing a netfront device directly after a suspend/resume cycle\nit might happen that the queues have not been set up again, causing a\ncrash during the attempt to stop the queues another time.\n\nFix that by checking the queues are existing before trying to stop\nthem.\n\nThis is XSA-465 / CVE-2024-53240.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53240",
          "url": "https://www.suse.com/security/cve/CVE-2024-53240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234281 for CVE-2024-53240",
          "url": "https://bugzilla.suse.com/1234281"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53240"
    },
    {
      "cve": "CVE-2024-53241",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53241"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: don\u0027t do PV iret hypercall through hypercall page\n\nInstead of jumping to the Xen hypercall page for doing the iret\nhypercall, directly code the required sequence in xen-asm.S.\n\nThis is done in preparation of no longer using hypercall page at all,\nas it has shown to cause problems with speculation mitigations.\n\nThis is part of XSA-466 / CVE-2024-53241.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53241",
          "url": "https://www.suse.com/security/cve/CVE-2024-53241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234282 for CVE-2024-53241",
          "url": "https://bugzilla.suse.com/1234282"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53241"
    },
    {
      "cve": "CVE-2024-56539",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56539"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[  356.775250] ------------[ cut here ]------------\n[  356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[  356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n    ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n    [...]\n    memcpy(wildcard_ssid_tlv-\u003essid,\n           user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56539",
          "url": "https://www.suse.com/security/cve/CVE-2024-56539"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234853 for CVE-2024-56539",
          "url": "https://bugzilla.suse.com/1234853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234963 for CVE-2024-56539",
          "url": "https://bugzilla.suse.com/1234963"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234964 for CVE-2024-56539",
          "url": "https://bugzilla.suse.com/1234964"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56539"
    },
    {
      "cve": "CVE-2024-56548",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56548"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initially set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[  419.944641] ==================================================================\n[  419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[  419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[  419.947612]\n[  419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[  419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[  419.950035] Call Trace:\n[  419.950384]  \u003cTASK\u003e\n[  419.950676]  dump_stack_lvl+0x57/0x78\n[  419.951212]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.951830]  print_report+0x14c/0x49e\n[  419.952361]  ? __virt_addr_valid+0x267/0x278\n[  419.952979]  ? kmem_cache_debug_flags+0xc/0x1d\n[  419.953561]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.954231]  kasan_report+0x89/0xb0\n[  419.954748]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.955367]  hfsplus_read_wrapper+0x659/0xa0a\n[  419.955948]  ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[  419.956618]  ? do_raw_spin_unlock+0x59/0x1a9\n[  419.957214]  ? _raw_spin_unlock+0x1a/0x2e\n[  419.957772]  hfsplus_fill_super+0x348/0x1590\n[  419.958355]  ? hlock_class+0x4c/0x109\n[  419.958867]  ? __pfx_hfsplus_fill_super+0x10/0x10\n[  419.959499]  ? __pfx_string+0x10/0x10\n[  419.960006]  ? lock_acquire+0x3e2/0x454\n[  419.960532]  ? bdev_name.constprop.0+0xce/0x243\n[  419.961129]  ? __pfx_bdev_name.constprop.0+0x10/0x10\n[  419.961799]  ? pointer+0x3f0/0x62f\n[  419.962277]  ? __pfx_pointer+0x10/0x10\n[  419.962761]  ? vsnprintf+0x6c4/0xfba\n[  419.963178]  ? __pfx_vsnprintf+0x10/0x10\n[  419.963621]  ? setup_bdev_super+0x376/0x3b3\n[  419.964029]  ? snprintf+0x9d/0xd2\n[  419.964344]  ? __pfx_snprintf+0x10/0x10\n[  419.964675]  ? lock_acquired+0x45c/0x5e9\n[  419.965016]  ? set_blocksize+0x139/0x1c1\n[  419.965381]  ? sb_set_blocksize+0x6d/0xae\n[  419.965742]  ? __pfx_hfsplus_fill_super+0x10/0x10\n[  419.966179]  mount_bdev+0x12f/0x1bf\n[  419.966512]  ? __pfx_mount_bdev+0x10/0x10\n[  419.966886]  ? vfs_parse_fs_string+0xce/0x111\n[  419.967293]  ? __pfx_vfs_parse_fs_string+0x10/0x10\n[  419.967702]  ? __pfx_hfsplus_mount+0x10/0x10\n[  419.968073]  legacy_get_tree+0x104/0x178\n[  419.968414]  vfs_get_tree+0x86/0x296\n[  419.968751]  path_mount+0xba3/0xd0b\n[  419.969157]  ? __pfx_path_mount+0x10/0x10\n[  419.969594]  ? kmem_cache_free+0x1e2/0x260\n[  419.970311]  do_mount+0x99/0xe0\n[  419.970630]  ? __pfx_do_mount+0x10/0x10\n[  419.971008]  __do_sys_mount+0x199/0x1c9\n[  419.971397]  do_syscall_64+0xd0/0x135\n[  419.971761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  419.972233] RIP: 0033:0x7c3cb812972e\n[  419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[  419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[  419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[  419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56548",
          "url": "https://www.suse.com/security/cve/CVE-2024-56548"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234853 for CVE-2024-56548",
          "url": "https://bugzilla.suse.com/1234853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235073 for CVE-2024-56548",
          "url": "https://bugzilla.suse.com/1235073"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235074 for CVE-2024-56548",
          "url": "https://bugzilla.suse.com/1235074"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56548"
    },
    {
      "cve": "CVE-2024-56549",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56549"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Fix NULL pointer dereference in object-\u003efile\n\nAt present, the object-\u003efile has the NULL pointer dereference problem in\nondemand-mode. The root cause is that the allocated fd and object-\u003efile\nlifetime are inconsistent, and the user-space invocation to anon_fd uses\nobject-\u003efile. Following is the process that triggers the issue:\n\n\t  [write fd]\t\t\t\t[umount]\ncachefiles_ondemand_fd_write_iter\n\t\t\t\t       fscache_cookie_state_machine\n\t\t\t\t\t cachefiles_withdraw_cookie\n  if (!file) return -ENOBUFS\n\t\t\t\t\t   cachefiles_clean_up_object\n\t\t\t\t\t     cachefiles_unmark_inode_in_use\n\t\t\t\t\t     fput(object-\u003efile)\n\t\t\t\t\t     object-\u003efile = NULL\n  // file NULL pointer dereference!\n  __cachefiles_write(..., file, ...)\n\nFix this issue by add an additional reference count to the object-\u003efile\nbefore write/llseek, and decrement after it finished.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56549",
          "url": "https://www.suse.com/security/cve/CVE-2024-56549"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234912 for CVE-2024-56549",
          "url": "https://bugzilla.suse.com/1234912"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56549"
    },
    {
      "cve": "CVE-2024-56570",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56570"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: Filter invalid inodes with missing lookup function\n\nAdd a check to the ovl_dentry_weird() function to prevent the\nprocessing of directory inodes that lack the lookup function.\nThis is important because such inodes can cause errors in overlayfs\nwhen passed to the lowerstack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56570",
          "url": "https://www.suse.com/security/cve/CVE-2024-56570"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235035 for CVE-2024-56570",
          "url": "https://bugzilla.suse.com/1235035"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56570"
    },
    {
      "cve": "CVE-2024-56571",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56571"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56571",
          "url": "https://www.suse.com/security/cve/CVE-2024-56571"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235037 for CVE-2024-56571",
          "url": "https://bugzilla.suse.com/1235037"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-56571"
    },
    {
      "cve": "CVE-2024-56575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Ensure power suppliers be suspended before detach them\n\nThe power suppliers are always requested to suspend asynchronously,\ndev_pm_domain_detach() requires the caller to ensure proper\nsynchronization of this function with power management callbacks.\notherwise the detach may led to kernel panic, like below:\n\n[ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040\n[ 1457.116777] Mem abort info:\n[ 1457.119589]   ESR = 0x0000000096000004\n[ 1457.123358]   EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1457.128692]   SET = 0, FnV = 0\n[ 1457.131764]   EA = 0, S1PTW = 0\n[ 1457.134920]   FSC = 0x04: level 0 translation fault\n[ 1457.139812] Data abort info:\n[ 1457.142707]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1457.148196]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1457.153256]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000\n[ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000\n[ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec]\n[ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66\n[ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 1457.199236] Workqueue: pm pm_runtime_work\n[ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1457.210188] pc : genpd_runtime_suspend+0x20/0x290\n[ 1457.214886] lr : __rpm_callback+0x48/0x1d8\n[ 1457.218968] sp : ffff80008250bc50\n[ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000\n[ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240\n[ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008\n[ 1457.243642] 
x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff\n[ 1457.250766] x17: 5300326563697665 x16: 645f676e696c6f6f x15: 63343a6d726f6674\n[ 1457.257890] x14: 0000000000000004 x13: 00000000000003a4 x12: 0000000000000002\n[ 1457.265014] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff80008250bbb0\n[ 1457.272138] x8 : ffff000092937200 x7 : ffff0003fdf6af80 x6 : 0000000000000000\n[ 1457.279262] x5 : 00000000410fd050 x4 : 0000000000200000 x3 : 0000000000000000\n[ 1457.286386] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00008590f000\n[ 1457.293510] Call trace:\n[ 1457.295946]  genpd_runtime_suspend+0x20/0x290\n[ 1457.300296]  __rpm_callback+0x48/0x1d8\n[ 1457.304038]  rpm_callback+0x6c/0x78\n[ 1457.307515]  rpm_suspend+0x10c/0x570\n[ 1457.311077]  pm_runtime_work+0xc4/0xc8\n[ 1457.314813]  process_one_work+0x138/0x248\n[ 1457.318816]  worker_thread+0x320/0x438\n[ 1457.322552]  kthread+0x110/0x114\n[ 1457.325767]  ret_from_fork+0x10/0x20",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56575",
          "url": "https://www.suse.com/security/cve/CVE-2024-56575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235039 for CVE-2024-56575",
          "url": "https://bugzilla.suse.com/1235039"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56575"
    },
    {
      "cve": "CVE-2024-56598",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56598"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: array-index-out-of-bounds fix in dtReadFirst\n\nThe value of stbl can be sometimes out of bounds due\nto a bad filesystem. Added a check with appropriate return\nof error code in that case.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56598",
          "url": "https://www.suse.com/security/cve/CVE-2024-56598"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235220 for CVE-2024-56598",
          "url": "https://bugzilla.suse.com/1235220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235221 for CVE-2024-56598",
          "url": "https://bugzilla.suse.com/1235221"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56598"
    },
    {
      "cve": "CVE-2024-56604",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56604"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()\n\nbt_sock_alloc() attaches allocated sk object to the provided sock object.\nIf rfcomm_dlc_alloc() fails, we release the sk object, but leave the\ndangling pointer in the sock object, which may cause use-after-free.\n\nFix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56604",
          "url": "https://www.suse.com/security/cve/CVE-2024-56604"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235056 for CVE-2024-56604",
          "url": "https://bugzilla.suse.com/1235056"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235058 for CVE-2024-56604",
          "url": "https://bugzilla.suse.com/1235058"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56604"
    },
    {
      "cve": "CVE-2024-56605",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56605"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56605",
          "url": "https://www.suse.com/security/cve/CVE-2024-56605"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234853 for CVE-2024-56605",
          "url": "https://bugzilla.suse.com/1234853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235061 for CVE-2024-56605",
          "url": "https://bugzilla.suse.com/1235061"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235062 for CVE-2024-56605",
          "url": "https://bugzilla.suse.com/1235062"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56605"
    },
    {
      "cve": "CVE-2024-56619",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56619"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()\n\nSyzbot reported that when searching for records in a directory where the\ninode\u0027s i_size is corrupted and has a large value, memory access outside\nthe folio/page range may occur, or a use-after-free bug may be detected if\nKASAN is enabled.\n\nThis is because nilfs_last_byte(), which is called by nilfs_find_entry()\nand others to calculate the number of valid bytes of directory data in a\npage from i_size and the page index, loses the upper 32 bits of the 64-bit\nsize information due to an inappropriate type of local variable to which\nthe i_size value is assigned.\n\nThis caused a large byte offset value due to underflow in the end address\ncalculation in the calling nilfs_find_entry(), resulting in memory access\nthat exceeds the folio/page size.\n\nFix this issue by changing the type of the local variable causing the bit\nloss from \"unsigned int\" to \"u64\".  The return value of nilfs_last_byte()\nis also of type \"unsigned int\", but it is truncated so as not to exceed\nPAGE_SIZE and no bit loss occurs, so no change is required.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56619",
          "url": "https://www.suse.com/security/cve/CVE-2024-56619"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235224 for CVE-2024-56619",
          "url": "https://bugzilla.suse.com/1235224"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235225 for CVE-2024-56619",
          "url": "https://bugzilla.suse.com/1235225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56619"
    },
    {
      "cve": "CVE-2024-56755",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56755"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING\n\nIn fscache_create_volume(), there is a missing memory barrier between the\nbit-clearing operation and the wake-up operation. This may cause a\nsituation where, after a wake-up, the bit-clearing operation hasn\u0027t been\ndetected yet, leading to an indefinite wait. The triggering process is as\nfollows:\n\n  [cookie1]                [cookie2]                  [volume_work]\nfscache_perform_lookup\n  fscache_create_volume\n                        fscache_perform_lookup\n                          fscache_create_volume\n\t\t\t                        fscache_create_volume_work\n                                                  cachefiles_acquire_volume\n                                                  clear_and_wake_up_bit\n    test_and_set_bit\n                            test_and_set_bit\n                              goto maybe_wait\n      goto no_wait\n\nIn the above process, cookie1 and cookie2 has the same volume. When cookie1\nenters the -no_wait- process, it will clear the bit and wake up the waiting\nprocess. If a barrier is missing, it may cause cookie2 to remain in the\n-wait- process indefinitely.\n\nIn commit 3288666c7256 (\"fscache: Use clear_and_wake_up_bit() in\nfscache_create_volume_work()\"), barriers were added to similar operations\nin fscache_create_volume_work(), but fscache_create_volume() was missed.\n\nBy combining the clear and wake operations into clear_and_wake_up_bit() to\nfix this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56755",
          "url": "https://www.suse.com/security/cve/CVE-2024-56755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234920 for CVE-2024-56755",
          "url": "https://bugzilla.suse.com/1234920"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-56755"
    },
    {
      "cve": "CVE-2024-8805",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-8805"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-8805",
          "url": "https://www.suse.com/security/cve/CVE-2024-8805"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230697 for CVE-2024-8805",
          "url": "https://bugzilla.suse.com/1230697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240804 for CVE-2024-8805",
          "url": "https://bugzilla.suse.com/1240804"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-24T10:10:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-8805"
    }
  ]
}

