csaf_suse - suse-su-2025:4283-1

suse-su-2025:4283-1

Vulnerability from csaf_suse

Published

2025-11-27 19:04

Modified

2025-11-27 19:04

Summary

Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP5)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP5)

Description of the patch

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.88 fixes various security issues The following security issues were fixed: - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1245778). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242882).

Patchnames

SUSE-2025-4283,SUSE-2025-4284,SUSE-SLE-Module-Live-Patching-15-SP5-2025-4283

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.88 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1245778).\n- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242882).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-4283,SUSE-2025-4284,SUSE-SLE-Module-Live-Patching-15-SP5-2025-4283",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4283-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:4283-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254283-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:4283-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023410.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242882",
        "url": "https://bugzilla.suse.com/1242882"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1245778",
        "url": "https://bugzilla.suse.com/1245778"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53141 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53141/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23145 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23145/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP5)",
    "tracking": {
      "current_release_date": "2025-11-27T19:04:00Z",
      "generator": {
        "date": "2025-11-27T19:04:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:4283-1",
      "initial_release_date": "2025-11-27T19:04:00Z",
      "revision_history": [
        {
          "date": "2025-11-27T19:04:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_103-default-10-150500.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-53141",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53141"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: add missing range check in bitmap_ip_uadt\n\nWhen tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,\nthe values of ip and ip_to are slightly swapped. Therefore, the range check\nfor ip should be done later, but this part is missing and it seems that the\nvulnerability occurs.\n\nSo we should add missing range checks and remove unnecessary range checks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53141",
          "url": "https://www.suse.com/security/cve/CVE-2024-53141"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234381 for CVE-2024-53141",
          "url": "https://bugzilla.suse.com/1234381"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245778 for CVE-2024-53141",
          "url": "https://bugzilla.suse.com/1245778"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-27T19:04:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53141"
    },
    {
      "cve": "CVE-2025-23145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\n\nCall trace:\n\n  mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n  subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n  tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n  tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n  ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n  ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n  ip_local_deliver (./net/ipv4/ip_input.c:254)\n  ip_rcv_finish (./net/ipv4/ip_input.c:449)\n  ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23145",
          "url": "https://www.suse.com/security/cve/CVE-2025-23145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242596 for CVE-2025-23145",
          "url": "https://bugzilla.suse.com/1242596"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242882 for CVE-2025-23145",
          "url": "https://bugzilla.suse.com/1242882"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-27T19:04:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-23145"
    }
  ]
}

CVE-2025-23145 (GCVE-0-2025-23145)

Vulnerability from cvelistv5

Published

2025-05-01 12:55

Modified

2025-11-03 19:42

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268) ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207) ip_local_deliver_finish (./net/ipv4/ip_input.c:234) ip_local_deliver (./net/ipv4/ip_input.c:254) ip_rcv_finish (./net/ipv4/ip_input.c:449) ... According to the debug log, the same req received two SYN-ACK in a very short time, very likely because the client retransmits the syn ack due to multiple reasons. Even if the packets are transmitted with a relevant time interval, they can be processed by the server on different CPUs concurrently). The 'subflow_req->msk' ownership is transferred to the subflow the first, and there will be a risk of a null pointer dereference here. This patch fixes this issue by moving the 'subflow_req->msk' under the `own_req == true` conditional. Note that the !msk check in subflow_hmac_valid() can be dropped, because the same check already exists under the own_req mpj branch where the code has been moved to.

References

URL

Tags

	https://git.kernel.org/stable/c/8cf7fef1bb2ffea7792bcbf71ca00216cecc725d
	https://git.kernel.org/stable/c/b3088bd2a6790c8efff139d86d7a9d0b1305977b
	https://git.kernel.org/stable/c/855bf0aacd51fced11ea9aa0d5101ee0febaeadb
	https://git.kernel.org/stable/c/7f9ae060ed64aef8f174c5f1ea513825b1be9af1
	https://git.kernel.org/stable/c/dc81e41a307df523072186b241fa8244fecd7803
	https://git.kernel.org/stable/c/efd58a8dd9e7a709a90ee486a4247c923d27296f
	https://git.kernel.org/stable/c/4b2649b9717678aeb097893cc49f59311a1ecab0
	https://git.kernel.org/stable/c/443041deb5ef6a1289a99ed95015ec7442f141dc

Impacted products

Vendor

Product

Version

Linux

Version: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8
Version: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8
Version: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8
Version: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8
Version: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8
Version: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8
Version: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8
Version: 9466a1ccebbe54ac57fb8a89c2b4b854826546a8

Linux

Version: 5.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:42:35.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/subflow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8cf7fef1bb2ffea7792bcbf71ca00216cecc725d",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "b3088bd2a6790c8efff139d86d7a9d0b1305977b",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "855bf0aacd51fced11ea9aa0d5101ee0febaeadb",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "7f9ae060ed64aef8f174c5f1ea513825b1be9af1",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "dc81e41a307df523072186b241fa8244fecd7803",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "efd58a8dd9e7a709a90ee486a4247c923d27296f",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "4b2649b9717678aeb097893cc49f59311a1ecab0",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            },
            {
              "lessThan": "443041deb5ef6a1289a99ed95015ec7442f141dc",
              "status": "affected",
              "version": "9466a1ccebbe54ac57fb8a89c2b4b854826546a8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/subflow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.135",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.135",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.88",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.24",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.12",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.3",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\n\nCall trace:\n\n  mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n  subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n  tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n  tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n  ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n  ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n  ip_local_deliver (./net/ipv4/ip_input.c:254)\n  ip_rcv_finish (./net/ipv4/ip_input.c:449)\n  ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:19:25.316Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8cf7fef1bb2ffea7792bcbf71ca00216cecc725d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3088bd2a6790c8efff139d86d7a9d0b1305977b"
        },
        {
          "url": "https://git.kernel.org/stable/c/855bf0aacd51fced11ea9aa0d5101ee0febaeadb"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f9ae060ed64aef8f174c5f1ea513825b1be9af1"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc81e41a307df523072186b241fa8244fecd7803"
        },
        {
          "url": "https://git.kernel.org/stable/c/efd58a8dd9e7a709a90ee486a4247c923d27296f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b2649b9717678aeb097893cc49f59311a1ecab0"
        },
        {
          "url": "https://git.kernel.org/stable/c/443041deb5ef6a1289a99ed95015ec7442f141dc"
        }
      ],
      "title": "mptcp: fix NULL pointer in can_accept_new_subflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-23145",
    "datePublished": "2025-05-01T12:55:34.622Z",
    "dateReserved": "2025-01-11T14:28:41.512Z",
    "dateUpdated": "2025-11-03T19:42:35.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53141 (GCVE-0-2024-53141)

Vulnerability from cvelistv5

Published

2024-12-06 09:37

Modified

2025-11-03 20:46

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.

References

URL

Tags

	https://git.kernel.org/stable/c/3c20b5948f119ae61ee35ad8584d666020c91581
	https://git.kernel.org/stable/c/78b0f2028f1043227a8eb0c41944027fc6a04596
	https://git.kernel.org/stable/c/2e151b8ca31607d14fddc4ad0f14da0893e1a7c7
	https://git.kernel.org/stable/c/e67471437ae9083fa73fa67eee1573fec1b7c8cf
	https://git.kernel.org/stable/c/7ffef5e5d5eeecd9687204a5ec2d863752aafb7e
	https://git.kernel.org/stable/c/856023ef032d824309abd5c747241dffa33aae8c
	https://git.kernel.org/stable/c/591efa494a1cf649f50a35def649c43ae984cd03
	https://git.kernel.org/stable/c/15794835378ed56fb9bacc6a5dd3b9f33520604e
	https://git.kernel.org/stable/c/35f56c554eb1b56b77b3cf197a6b00922d49033d

Impacted products

Vendor

Product

Version

Linux

Version: 72205fc68bd13109576aa6c4c12c740962d28a6c
Version: 72205fc68bd13109576aa6c4c12c740962d28a6c
Version: 72205fc68bd13109576aa6c4c12c740962d28a6c
Version: 72205fc68bd13109576aa6c4c12c740962d28a6c
Version: 72205fc68bd13109576aa6c4c12c740962d28a6c
Version: 72205fc68bd13109576aa6c4c12c740962d28a6c
Version: 72205fc68bd13109576aa6c4c12c740962d28a6c
Version: 72205fc68bd13109576aa6c4c12c740962d28a6c
Version: 72205fc68bd13109576aa6c4c12c740962d28a6c

Linux

Version: 2.6.39

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:21.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/ipset/ip_set_bitmap_ip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3c20b5948f119ae61ee35ad8584d666020c91581",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            },
            {
              "lessThan": "78b0f2028f1043227a8eb0c41944027fc6a04596",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            },
            {
              "lessThan": "2e151b8ca31607d14fddc4ad0f14da0893e1a7c7",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            },
            {
              "lessThan": "e67471437ae9083fa73fa67eee1573fec1b7c8cf",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            },
            {
              "lessThan": "7ffef5e5d5eeecd9687204a5ec2d863752aafb7e",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            },
            {
              "lessThan": "856023ef032d824309abd5c747241dffa33aae8c",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            },
            {
              "lessThan": "591efa494a1cf649f50a35def649c43ae984cd03",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            },
            {
              "lessThan": "15794835378ed56fb9bacc6a5dd3b9f33520604e",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            },
            {
              "lessThan": "35f56c554eb1b56b77b3cf197a6b00922d49033d",
              "status": "affected",
              "version": "72205fc68bd13109576aa6c4c12c740962d28a6c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/ipset/ip_set_bitmap_ip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: add missing range check in bitmap_ip_uadt\n\nWhen tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,\nthe values of ip and ip_to are slightly swapped. Therefore, the range check\nfor ip should be done later, but this part is missing and it seems that the\nvulnerability occurs.\n\nSo we should add missing range checks and remove unnecessary range checks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:54:04.856Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3c20b5948f119ae61ee35ad8584d666020c91581"
        },
        {
          "url": "https://git.kernel.org/stable/c/78b0f2028f1043227a8eb0c41944027fc6a04596"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e151b8ca31607d14fddc4ad0f14da0893e1a7c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e67471437ae9083fa73fa67eee1573fec1b7c8cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ffef5e5d5eeecd9687204a5ec2d863752aafb7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/856023ef032d824309abd5c747241dffa33aae8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/591efa494a1cf649f50a35def649c43ae984cd03"
        },
        {
          "url": "https://git.kernel.org/stable/c/15794835378ed56fb9bacc6a5dd3b9f33520604e"
        },
        {
          "url": "https://git.kernel.org/stable/c/35f56c554eb1b56b77b3cf197a6b00922d49033d"
        }
      ],
      "title": "netfilter: ipset: add missing range check in bitmap_ip_uadt",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53141",
    "datePublished": "2024-12-06T09:37:02.009Z",
    "dateReserved": "2024-11-19T17:17:24.997Z",
    "dateUpdated": "2025-11-03T20:46:21.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:4283-1

Vulnerability from csaf_suse

CVE-2025-23145 (GCVE-0-2025-23145)

Vulnerability from cvelistv5

CVE-2024-53141 (GCVE-0-2024-53141)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature