suse-su-2025:0555-1
Vulnerability from csaf_suse
Published
2025-02-14 15:25
Modified
2025-02-14 15:25
Summary
Security update for the Linux Kernel

Notes

Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).

The following non-security bugs were fixed:

- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
Patchnames
SUSE-2025-555,SUSE-SLE-Micro-5.3-2025-555,SUSE-SLE-Micro-5.4-2025-555
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).\n- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).\n- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).\n- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).\n- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).\n- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).\n- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).\n- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).\n- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).\n- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).\n- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).\n- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).\n- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).\n- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).\n- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is 
valid in drm_dp_mst_handle_up_req() (bsc#1235818).\n- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).\n- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).\n- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).\n\nThe following non-security bugs were fixed:\n\n- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).\n- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).\n- NFS: Improve heuristic for readdirplus (bsc#1231847).\n- NFS: Trigger the \u0027ls -l\u0027 readdir heuristic sooner (bsc#1231847).\n- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).\n- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-555,SUSE-SLE-Micro-5.3-2025-555,SUSE-SLE-Micro-5.4-2025-555",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0555-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0555-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250555-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0555-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020353.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230697",
        "url": "https://bugzilla.suse.com/1230697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231847",
        "url": "https://bugzilla.suse.com/1231847"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233112",
        "url": "https://bugzilla.suse.com/1233112"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233642",
        "url": "https://bugzilla.suse.com/1233642"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234025",
        "url": "https://bugzilla.suse.com/1234025"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234690",
        "url": "https://bugzilla.suse.com/1234690"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234884",
        "url": "https://bugzilla.suse.com/1234884"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234896",
        "url": "https://bugzilla.suse.com/1234896"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234931",
        "url": "https://bugzilla.suse.com/1234931"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235134",
        "url": "https://bugzilla.suse.com/1235134"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235217",
        "url": "https://bugzilla.suse.com/1235217"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235230",
        "url": "https://bugzilla.suse.com/1235230"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235249",
        "url": "https://bugzilla.suse.com/1235249"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235430",
        "url": "https://bugzilla.suse.com/1235430"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235433",
        "url": "https://bugzilla.suse.com/1235433"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235441",
        "url": "https://bugzilla.suse.com/1235441"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235451",
        "url": "https://bugzilla.suse.com/1235451"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235466",
        "url": "https://bugzilla.suse.com/1235466"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235480",
        "url": "https://bugzilla.suse.com/1235480"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235521",
        "url": "https://bugzilla.suse.com/1235521"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235584",
        "url": "https://bugzilla.suse.com/1235584"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235645",
        "url": "https://bugzilla.suse.com/1235645"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235723",
        "url": "https://bugzilla.suse.com/1235723"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235759",
        "url": "https://bugzilla.suse.com/1235759"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235764",
        "url": "https://bugzilla.suse.com/1235764"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235814",
        "url": "https://bugzilla.suse.com/1235814"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235818",
        "url": "https://bugzilla.suse.com/1235818"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235920",
        "url": "https://bugzilla.suse.com/1235920"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235969",
        "url": "https://bugzilla.suse.com/1235969"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236628",
        "url": "https://bugzilla.suse.com/1236628"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50199 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50199/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53095 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53095/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53104 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53104/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53144 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53144/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53166 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53166/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53177 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53177/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-54680 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-54680/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56600 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56600/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56601 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56601/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56602 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56602/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56623 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56623/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56631 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56631/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56642 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56642/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56645 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56648 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56648/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56650 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56650/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56658 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56658/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56661 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56661/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56664 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56664/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56704 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56759 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56759/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57791 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57791/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57792 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57792/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57798 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57798/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57849 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57849/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57893 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57893/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57897 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57897/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-8805 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-8805/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2025-02-14T15:25:28Z",
      "generator": {
        "date": "2025-02-14T15:25:28Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0555-1",
      "initial_release_date": "2025-02-14T15:25:28Z",
      "revision_history": [
        {
          "date": "2025-02-14T15:25:28Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-5.14.21-150400.15.109.1.noarch",
                "product": {
                  "name": "kernel-devel-rt-5.14.21-150400.15.109.1.noarch",
                  "product_id": "kernel-devel-rt-5.14.21-150400.15.109.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-5.14.21-150400.15.109.1.noarch",
                "product": {
                  "name": "kernel-source-rt-5.14.21-150400.15.109.1.noarch",
                  "product_id": "kernel-source-rt-5.14.21-150400.15.109.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "cluster-md-kmp-rt-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "dlm-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "dlm-kmp-rt-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "gfs2-kmp-rt-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-rt-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-rt-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-rt-devel-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-extra-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-rt-extra-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-rt-extra-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-rt-livepatch-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-devel-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-devel-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-optional-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-rt-optional-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-rt-optional-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-rt_debug-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-devel-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-devel-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-rt_debug-devel-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kernel-syms-rt-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "kselftests-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "kselftests-kmp-rt-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "ocfs2-kmp-rt-5.14.21-150400.15.109.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "reiserfs-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                "product": {
                  "name": "reiserfs-kmp-rt-5.14.21-150400.15.109.1.x86_64",
                  "product_id": "reiserfs-kmp-rt-5.14.21-150400.15.109.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.3",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.3",
                  "product_id": "SUSE Linux Enterprise Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.4",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.4",
                  "product_id": "SUSE Linux Enterprise Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-5.14.21-150400.15.109.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64"
        },
        "product_reference": "kernel-rt-5.14.21-150400.15.109.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-5.14.21-150400.15.109.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        },
        "product_reference": "kernel-source-rt-5.14.21-150400.15.109.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-5.14.21-150400.15.109.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64"
        },
        "product_reference": "kernel-rt-5.14.21-150400.15.109.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-5.14.21-150400.15.109.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        },
        "product_reference": "kernel-source-rt-5.14.21-150400.15.109.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-50199",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50199"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swapfile: skip HugeTLB pages for unuse_vma\n\nI got a bad pud error and lost a 1GB HugeTLB when calling swapoff.  The\nproblem can be reproduced by the following steps:\n\n 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory.\n 2. Swapout the above anonymous memory.\n 3. run swapoff and we will get a bad pud error in kernel message:\n\n  mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7)\n\nWe can tell that pud_clear_bad is called by pud_none_or_clear_bad in\nunuse_pud_range() by ftrace.  And therefore the HugeTLB pages will never\nbe freed because we lost it from page table.  We can skip HugeTLB pages\nfor unuse_vma to fix it.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50199",
          "url": "https://www.suse.com/security/cve/CVE-2024-50199"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233112 for CVE-2024-50199",
          "url": "https://bugzilla.suse.com/1233112"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50199"
    },
    {
      "cve": "CVE-2024-53095",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53095"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free of network namespace.\n\nRecently, we got a customer report that CIFS triggers oops while\nreconnecting to a server.  [0]\n\nThe workload runs on Kubernetes, and some pods mount CIFS servers\nin non-root network namespaces.  The problem rarely happened, but\nit was always while the pod was dying.\n\nThe root cause is wrong reference counting for network namespace.\n\nCIFS uses kernel sockets, which do not hold refcnt of the netns that\nthe socket belongs to.  That means CIFS must ensure the socket is\nalways freed before its netns; otherwise, use-after-free happens.\n\nThe repro steps are roughly:\n\n  1. mount CIFS in a non-root netns\n  2. drop packets from the netns\n  3. destroy the netns\n  4. unmount CIFS\n\nWe can reproduce the issue quickly with the script [1] below and see\nthe splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled.\n\nWhen the socket is TCP, it is hard to guarantee the netns lifetime\nwithout holding refcnt due to async timers.\n\nLet\u0027s hold netns refcnt for each socket as done for SMC in commit\n9744d2bf1976 (\"smc: Fix use-after-free in tcp_write_timer_handler().\").\n\nNote that we need to move put_net() from cifs_put_tcp_session() to\nclean_demultiplex_info(); otherwise, __sock_create() still could touch a\nfreed netns while cifsd tries to reconnect from cifs_demultiplex_thread().\n\nAlso, maybe_get_net() cannot be put just before __sock_create() because\nthe code is not under RCU and there is a small chance that the same\naddress happened to be reallocated to another netns.\n\n[0]:\nCIFS: VFS: \\\\XXXXXXXXXXX has not responded in 15 seconds. 
Reconnecting...\nCIFS: Serverclose failed 4 times, giving up\nUnable to handle kernel paging request at virtual address 14de99e461f84a07\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004\n  CM = 0, WnR = 0\n[14de99e461f84a07] address between user and kernel address ranges\nInternal error: Oops: 0000000096000004 [#1] SMP\nModules linked in: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_state xt_connmark nf_conntrack_netlink xt_nat xt_statistic xt_MASQUERADE xt_mark xt_addrtype ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables nfnetlink overlay nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena button sch_fq_codel loop fuse configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs\nCPU: 5 PID: 2690970 Comm: cifsd Not tainted 6.1.103-109.184.amzn2023.aarch64 #1\nHardware name: Amazon EC2 r7g.4xlarge/, BIOS 1.0 11/1/2018\npstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : fib_rules_lookup+0x44/0x238\nlr : __fib_lookup+0x64/0xbc\nsp : ffff8000265db790\nx29: ffff8000265db790 x28: 0000000000000000 x27: 000000000000bd01\nx26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580\nx23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500\nx20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002\nx11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294\nx8 : 0000000000000000 x7 : 0000000000000006 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : ffff001924354280 x3 : 
ffff8000265db7e0\nx2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500\nCall trace:\n fib_rules_lookup+0x44/0x238\n __fib_lookup+0x64/0xbc\n ip_route_output_key_hash_rcu+0x2c4/0x398\n ip_route_output_key_hash+0x60/0x8c\n tcp_v4_connect+0x290/0x488\n __inet_stream_connect+0x108/0x3d0\n inet_stream_connect+0x50/0x78\n kernel_connect+0x6c/0xac\n generic_ip_conne\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53095",
          "url": "https://www.suse.com/security/cve/CVE-2024-53095"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233642 for CVE-2024-53095",
          "url": "https://bugzilla.suse.com/1233642"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53095"
    },
    {
      "cve": "CVE-2024-53104",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53104"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53104",
          "url": "https://www.suse.com/security/cve/CVE-2024-53104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234025 for CVE-2024-53104",
          "url": "https://bugzilla.suse.com/1234025"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236783 for CVE-2024-53104",
          "url": "https://bugzilla.suse.com/1236783"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53104"
    },
    {
      "cve": "CVE-2024-53144",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53144"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Align BR/EDR JUST_WORKS pairing with LE\n\nThis aligns the BR/EDR JUST_WORKS method with LE, which since 92516cd97fd4\n(\"Bluetooth: Always request for user confirmation for Just Works\")\nalways requests user confirmation with confirm_hint set, since the\nlikes of bluetoothd have a dedicated policy around the JUST_WORKS method\n(e.g. main.conf:JustWorksRepairing).\n\nCVE: CVE-2024-8805",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53144",
          "url": "https://www.suse.com/security/cve/CVE-2024-53144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234690 for CVE-2024-53144",
          "url": "https://bugzilla.suse.com/1234690"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53144"
    },
    {
      "cve": "CVE-2024-53166",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53166"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix bfqq uaf in bfq_limit_depth()\n\nSetting a newly allocated bfqq to bic and removing a freed bfqq from bic are both\nprotected by bfqd-\u003elock; however, bfq_limit_depth() is dereferencing bfqq\nfrom bic without the lock, which can lead to UAF if the io_context is\nshared by multiple tasks.\n\nFor example, testing bfq with io_uring can trigger the following UAF in v6.6:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x47/0x80\n print_address_description.constprop.0+0x66/0x300\n print_report+0x3e/0x70\n kasan_report+0xb4/0xf0\n bfqq_group+0x15/0x50\n bfqq_request_over_limit+0x130/0x9a0\n bfq_limit_depth+0x1b5/0x480\n __blk_mq_alloc_requests+0x2b5/0xa00\n blk_mq_get_new_requests+0x11d/0x1d0\n blk_mq_submit_bio+0x286/0xb00\n submit_bio_noacct_nocheck+0x331/0x400\n __block_write_full_folio+0x3d0/0x640\n writepage_cb+0x3b/0xc0\n write_cache_pages+0x254/0x6c0\n write_cache_pages+0x254/0x6c0\n do_writepages+0x192/0x310\n filemap_fdatawrite_wbc+0x95/0xc0\n __filemap_fdatawrite_range+0x99/0xd0\n filemap_write_and_wait_range.part.0+0x4d/0xa0\n blkdev_read_iter+0xef/0x1e0\n io_read+0x1b6/0x8a0\n io_issue_sqe+0x87/0x300\n io_wq_submit_work+0xeb/0x390\n io_worker_handle_work+0x24d/0x550\n io_wq_worker+0x27f/0x6c0\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nAllocated by task 808602:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_slab_alloc+0x83/0x90\n kmem_cache_alloc_node+0x1b1/0x6d0\n bfq_get_queue+0x138/0xfa0\n bfq_get_bfqq_handle_split+0xe3/0x2c0\n bfq_init_rq+0x196/0xbb0\n bfq_insert_request.isra.0+0xb5/0x480\n bfq_insert_requests+0x156/0x180\n blk_mq_insert_request+0x15d/0x440\n blk_mq_submit_bio+0x8a4/0xb00\n submit_bio_noacct_nocheck+0x331/0x400\n __blkdev_direct_IO_async+0x2dd/0x330\n blkdev_write_iter+0x39a/0x450\n 
io_write+0x22a/0x840\n io_issue_sqe+0x87/0x300\n io_wq_submit_work+0xeb/0x390\n io_worker_handle_work+0x24d/0x550\n io_wq_worker+0x27f/0x6c0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x1b/0x30\n\nFreed by task 808589:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n __kasan_slab_free+0x126/0x1b0\n kmem_cache_free+0x10c/0x750\n bfq_put_queue+0x2dd/0x770\n __bfq_insert_request.isra.0+0x155/0x7a0\n bfq_insert_request.isra.0+0x122/0x480\n bfq_insert_requests+0x156/0x180\n blk_mq_dispatch_plug_list+0x528/0x7e0\n blk_mq_flush_plug_list.part.0+0xe5/0x590\n __blk_flush_plug+0x3b/0x90\n blk_finish_plug+0x40/0x60\n do_writepages+0x19d/0x310\n filemap_fdatawrite_wbc+0x95/0xc0\n __filemap_fdatawrite_range+0x99/0xd0\n filemap_write_and_wait_range.part.0+0x4d/0xa0\n blkdev_read_iter+0xef/0x1e0\n io_read+0x1b6/0x8a0\n io_issue_sqe+0x87/0x300\n io_wq_submit_work+0xeb/0x390\n io_worker_handle_work+0x24d/0x550\n io_wq_worker+0x27f/0x6c0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x1b/0x30\n\nFix the problem by protecting bic_to_bfqq() with bfqd-\u003elock.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53166",
          "url": "https://www.suse.com/security/cve/CVE-2024-53166"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234884 for CVE-2024-53166",
          "url": "https://bugzilla.suse.com/1234884"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234885 for CVE-2024-53166",
          "url": "https://bugzilla.suse.com/1234885"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53166"
    },
    {
      "cve": "CVE-2024-53177",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53177"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. 
VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53177",
          "url": "https://www.suse.com/security/cve/CVE-2024-53177"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234896 for CVE-2024-53177",
          "url": "https://bugzilla.suse.com/1234896"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235103 for CVE-2024-53177",
          "url": "https://bugzilla.suse.com/1235103"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53177"
    },
    {
      "cve": "CVE-2024-54680",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-54680"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-54680",
          "url": "https://www.suse.com/security/cve/CVE-2024-54680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235723 for CVE-2024-54680",
          "url": "https://bugzilla.suse.com/1235723"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-54680"
    },
    {
      "cve": "CVE-2024-56600",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56600"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet6: do not leave a dangling sk pointer in inet6_create()\n\nsock_init_data() attaches the allocated sk pointer to the provided sock\nobject. If inet6_create() fails later, the sk object is released, but the\nsock object retains the dangling sk pointer, which may cause use-after-free\nlater.\n\nClear the sock sk pointer on error.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56600",
          "url": "https://www.suse.com/security/cve/CVE-2024-56600"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235217 for CVE-2024-56600",
          "url": "https://bugzilla.suse.com/1235217"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235218 for CVE-2024-56600",
          "url": "https://bugzilla.suse.com/1235218"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56600"
    },
    {
      "cve": "CVE-2024-56601",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56601"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56601",
          "url": "https://www.suse.com/security/cve/CVE-2024-56601"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235230 for CVE-2024-56601",
          "url": "https://bugzilla.suse.com/1235230"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235231 for CVE-2024-56601",
          "url": "https://bugzilla.suse.com/1235231"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56601"
    },
    {
      "cve": "CVE-2024-56602",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56602"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: do not leave a dangling sk pointer in ieee802154_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If ieee802154_create() fails later, the allocated sk object is\nfreed, but the dangling pointer remains in the provided sock object, which\nmay allow use-after-free.\n\nClear the sk pointer in the sock object on error.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56602",
          "url": "https://www.suse.com/security/cve/CVE-2024-56602"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235521 for CVE-2024-56602",
          "url": "https://bugzilla.suse.com/1235521"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235522 for CVE-2024-56602",
          "url": "https://bugzilla.suse.com/1235522"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56602"
    },
    {
      "cve": "CVE-2024-56623",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56623"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix use after free on unload\n\nSystem crash is observed with stack trace warning of use after\nfree. There are 2 signals to tell dpc_thread to terminate (UNLOADING\nflag and kthread_stop).\n\nOn setting the UNLOADING flag when dpc_thread happens to run at the time\nand sees the flag, this causes dpc_thread to exit and clean up\nitself. When kthread_stop is called for final cleanup, this causes use\nafter free.\n\nRemove UNLOADING signal to terminate dpc_thread.  Use the kthread_stop\nas the main signal to exit dpc_thread.\n\n[596663.812935] kernel BUG at mm/slub.c:294!\n[596663.812950] invalid opcode: 0000 [#1] SMP PTI\n[596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G          IOE    --------- -  - 4.18.0-240.el8.x86_64 #1\n[596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012\n[596663.812974] RIP: 0010:__slab_free+0x17d/0x360\n\n...\n[596663.813008] Call Trace:\n[596663.813022]  ? __dentry_kill+0x121/0x170\n[596663.813030]  ? _cond_resched+0x15/0x30\n[596663.813034]  ? _cond_resched+0x15/0x30\n[596663.813039]  ? wait_for_completion+0x35/0x190\n[596663.813048]  ? try_to_wake_up+0x63/0x540\n[596663.813055]  free_task+0x5a/0x60\n[596663.813061]  kthread_stop+0xf3/0x100\n[596663.813103]  qla2x00_remove_one+0x284/0x440 [qla2xxx]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56623",
          "url": "https://www.suse.com/security/cve/CVE-2024-56623"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235466 for CVE-2024-56623",
          "url": "https://bugzilla.suse.com/1235466"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235468 for CVE-2024-56623",
          "url": "https://bugzilla.suse.com/1235468"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56623"
    },
    {
      "cve": "CVE-2024-56631",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56631"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Fix slab-use-after-free read in sg_release()\n\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30\nkernel/locking/lockdep.c:5838\n__mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912\nsg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407\n\nIn sg_release(), the function kref_put(\u0026sfp-\u003ef_ref, sg_remove_sfp) is\ncalled before releasing the open_rel_lock mutex. The kref_put() call may\ndecrement the reference count of sfp to zero, triggering its cleanup\nthrough sg_remove_sfp(). This cleanup includes scheduling deferred work\nvia sg_remove_sfp_usercontext(), which ultimately frees sfp.\n\nAfter kref_put(), sg_release() continues to unlock open_rel_lock and may\nreference sfp or sdp. If sfp has already been freed, this results in a\nslab-use-after-free error.\n\nMove the kref_put(\u0026sfp-\u003ef_ref, sg_remove_sfp) call after unlocking the\nopen_rel_lock mutex. This ensures:\n\n - No references to sfp or sdp occur after the reference count is\n   decremented.\n\n - Cleanup functions such as sg_remove_sfp() and\n   sg_remove_sfp_usercontext() can safely execute without impacting the\n   mutex handling in sg_release().\n\nThe fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures proper\nsequencing of resource cleanup and mutex operations, eliminating the\nrisk of use-after-free errors in sg_release().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56631",
          "url": "https://www.suse.com/security/cve/CVE-2024-56631"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235480 for CVE-2024-56631",
          "url": "https://bugzilla.suse.com/1235480"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235482 for CVE-2024-56631",
          "url": "https://bugzilla.suse.com/1235482"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56631"
    },
    {
      "cve": "CVE-2024-56642",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56642"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free of kernel socket in cleanup_bearer().\n\nsyzkaller reported a use-after-free of UDP kernel socket\nin cleanup_bearer() without repro. [0][1]\n\nWhen bearer_disable() calls tipc_udp_disable(), cleanup\nof the UDP kernel socket is deferred by work calling\ncleanup_bearer().\n\ntipc_exit_net() waits for such works to finish by checking\ntipc_net(net)-\u003ewq_count.  However, the work decrements the\ncount too early before releasing the kernel socket,\nunblocking cleanup_net() and resulting in use-after-free.\n\nLet\u0027s move the decrement after releasing the socket in\ncleanup_bearer().\n\n[0]:\nref_tracker: net notrefcnt@000000009b3d1faf has 1/1 users at\n     sk_alloc+0x438/0x608\n     inet_create+0x4c8/0xcb0\n     __sock_create+0x350/0x6b8\n     sock_create_kern+0x58/0x78\n     udp_sock_create4+0x68/0x398\n     udp_sock_create+0x88/0xc8\n     tipc_udp_enable+0x5e8/0x848\n     __tipc_nl_bearer_enable+0x84c/0xed8\n     tipc_nl_bearer_enable+0x38/0x60\n     genl_family_rcv_msg_doit+0x170/0x248\n     genl_rcv_msg+0x400/0x5b0\n     netlink_rcv_skb+0x1dc/0x398\n     genl_rcv+0x44/0x68\n     netlink_unicast+0x678/0x8b0\n     netlink_sendmsg+0x5e4/0x898\n     ____sys_sendmsg+0x500/0x830\n\n[1]:\nBUG: KMSAN: use-after-free in udp_hashslot include/net/udp.h:85 [inline]\nBUG: KMSAN: use-after-free in udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n udp_hashslot include/net/udp.h:85 [inline]\n udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n sk_common_release+0xaf/0x3f0 net/core/sock.c:3820\n inet_release+0x1e0/0x260 net/ipv4/af_inet.c:437\n inet6_release+0x6f/0xd0 net/ipv6/af_inet6.c:489\n __sock_release net/socket.c:658 [inline]\n sock_release+0xa0/0x210 net/socket.c:686\n cleanup_bearer+0x42d/0x4c0 net/tipc/udp_media.c:819\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\n slab_free_hook mm/slub.c:2269 [inline]\n slab_free mm/slub.c:4580 [inline]\n kmem_cache_free+0x207/0xc40 mm/slub.c:4682\n net_free net/core/net_namespace.c:454 [inline]\n cleanup_net+0x16f2/0x19d0 net/core/net_namespace.c:647\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.12.0-rc1-00131-gf66ebf37d69c #7 91723d6f74857f70725e1583cba3cf4adc716cfa\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: events cleanup_bearer",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56642",
          "url": "https://www.suse.com/security/cve/CVE-2024-56642"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235433 for CVE-2024-56642",
          "url": "https://bugzilla.suse.com/1235433"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235434 for CVE-2024-56642",
          "url": "https://bugzilla.suse.com/1235434"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56642"
    },
    {
      "cve": "CVE-2024-56645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: j1939_session_new(): fix skb reference counting\n\nSince j1939_session_skb_queue() does an extra skb_get() for each new\nskb, do the same for the initial one in j1939_session_new() to avoid\nrefcount underflow.\n\n[mkl: clean up commit message]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56645",
          "url": "https://www.suse.com/security/cve/CVE-2024-56645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235134 for CVE-2024-56645",
          "url": "https://bugzilla.suse.com/1235134"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235135 for CVE-2024-56645",
          "url": "https://bugzilla.suse.com/1235135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56645"
    },
    {
      "cve": "CVE-2024-56648",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56648"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb-\u003emac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n  fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n  hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n  hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n  __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n  xmit_one net/core/dev.c:3590 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n  __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n  dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3146 [inline]\n  packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n  sock_sendmsg_nosec net/socket.c:711 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:726\n  __sys_sendto+0x594/0x750 net/socket.c:2197\n  __do_sys_sendto net/socket.c:2204 [inline]\n  __se_sys_sendto net/socket.c:2200 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n  x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:4091 [inline]\n  slab_alloc_node mm/slub.c:4134 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n  alloc_skb include/linux/skbuff.h:1323 [inline]\n  alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n  packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n  packet_snd net/packet/af_packet.c:3089 [inline]\n  packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n  sock_sendmsg_nosec net/socket.c:711 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:726\n  __sys_sendto+0x594/0x750 net/socket.c:2197\n  __do_sys_sendto net/socket.c:2204 [inline]\n  __se_sys_sendto net/socket.c:2200 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n  x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56648",
          "url": "https://www.suse.com/security/cve/CVE-2024-56648"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235451 for CVE-2024-56648",
          "url": "https://bugzilla.suse.com/1235451"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235452 for CVE-2024-56648",
          "url": "https://bugzilla.suse.com/1235452"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56648"
    },
    {
      "cve": "CVE-2024-56650",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56650"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix LED ID check in led_tg_check()\n\nSyzbot has reported the following BUG detected by KASAN:\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70\nRead of size 1 at addr ffff8881022da0c8 by task repro/5879\n...\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x241/0x360\n ? __pfx_dump_stack_lvl+0x10/0x10\n ? __pfx__printk+0x10/0x10\n ? _printk+0xd5/0x120\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n print_report+0x169/0x550\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x45f/0x530\n ? __phys_addr+0xba/0x170\n ? strlen+0x58/0x70\n kasan_report+0x143/0x180\n ? strlen+0x58/0x70\n strlen+0x58/0x70\n kstrdup+0x20/0x80\n led_tg_check+0x18b/0x3c0\n xt_check_target+0x3bb/0xa40\n ? __pfx_xt_check_target+0x10/0x10\n ? stack_depot_save_flags+0x6e4/0x830\n ? nft_target_init+0x174/0xc30\n nft_target_init+0x82d/0xc30\n ? __pfx_nft_target_init+0x10/0x10\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? rcu_is_watching+0x15/0xb0\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? __kmalloc_noprof+0x21a/0x400\n nf_tables_newrule+0x1860/0x2980\n ? __pfx_nf_tables_newrule+0x10/0x10\n ? __nla_parse+0x40/0x60\n nfnetlink_rcv+0x14e5/0x2ab0\n ? __pfx_validate_chain+0x10/0x10\n ? __pfx_nfnetlink_rcv+0x10/0x10\n ? __lock_acquire+0x1384/0x2050\n ? netlink_deliver_tap+0x2e/0x1b0\n ? __pfx_lock_release+0x10/0x10\n ? netlink_deliver_tap+0x2e/0x1b0\n netlink_unicast+0x7f8/0x990\n ? __pfx_netlink_unicast+0x10/0x10\n ? __virt_addr_valid+0x183/0x530\n ? __check_object_size+0x48e/0x900\n netlink_sendmsg+0x8e4/0xcb0\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? aa_sock_msg_perm+0x91/0x160\n ? __pfx_netlink_sendmsg+0x10/0x10\n __sock_sendmsg+0x223/0x270\n ____sys_sendmsg+0x52a/0x7e0\n ? __pfx_____sys_sendmsg+0x10/0x10\n __sys_sendmsg+0x292/0x380\n ? __pfx___sys_sendmsg+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? exc_page_fault+0x590/0x8c0\n ? do_syscall_64+0xb6/0x230\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nSince an invalid (without \u0027\\0\u0027 byte at all) byte sequence may be passed\nfrom userspace, add an extra check to ensure that such a sequence is\nrejected as possible ID and so never passed to \u0027kstrdup()\u0027 and further.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56650",
          "url": "https://www.suse.com/security/cve/CVE-2024-56650"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235430 for CVE-2024-56650",
          "url": "https://bugzilla.suse.com/1235430"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235431 for CVE-2024-56650",
          "url": "https://bugzilla.suse.com/1235431"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56650"
    },
    {
      "cve": "CVE-2024-56658",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56658"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n    dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? 
lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? 
soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56658",
          "url": "https://www.suse.com/security/cve/CVE-2024-56658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235441 for CVE-2024-56658",
          "url": "https://bugzilla.suse.com/1235441"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235442 for CVE-2024-56658",
          "url": "https://bugzilla.suse.com/1235442"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56658"
    },
    {
      "cve": "CVE-2024-56661",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56661"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix NULL deref in cleanup_bearer()\n\nsyzbot found [1] that after blamed commit, ub-\u003eubsock-\u003esk\nwas NULL when attempting the atomic_dec() :\n\natomic_dec(\u0026tipc_net(sock_net(ub-\u003eubsock-\u003esk))-\u003ewq_count);\n\nFix this by caching the tipc_net pointer.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events cleanup_bearer\n RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline]\n RIP: 0010:sock_net include/net/sock.h:655 [inline]\n RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56661",
          "url": "https://www.suse.com/security/cve/CVE-2024-56661"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234931 for CVE-2024-56661",
          "url": "https://bugzilla.suse.com/1234931"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56661"
    },
    {
      "cve": "CVE-2024-56664",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56664"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n  sock_map_close()\n    lock_sock(sk)               (s0!)\n    sock_map_remove_links(sk)\n      link = sk_psock_link_pop()\n      sock_map_unlink(sk, link)\n        sock_map_delete_from_link\n                                        // replace map[0] with s1\n                                        map_update_elem(map, 0, s1)\n                                          sock_map_update_elem\n                                (s1!)       lock_sock(sk)\n                                            sock_map_update_common\n                                              psock = sk_psock(sk)\n                                              spin_lock(\u0026stab-\u003elock)\n                                              osk = stab-\u003esks[idx]\n                                              sock_map_add_link(..., \u0026stab-\u003esks[idx])\n                                              sock_map_unref(osk, \u0026stab-\u003esks[idx])\n                                                psock = sk_psock(osk)\n                                                sk_psock_put(sk, psock)\n                                                  if (refcount_dec_and_test(\u0026psock))\n                                                    sk_psock_drop(sk, psock)\n                                              spin_unlock(\u0026stab-\u003elock)\n                                            unlock_sock(sk)\n          __sock_map_delete\n            spin_lock(\u0026stab-\u003elock)\n            sk = *psk                        // s1 replaced s0; sk == s1\n            if (!sk_test || 
sk_test == sk)   // sk_test (s0) != sk (s1); no branch\n              sk = xchg(psk, NULL)\n            if (sk)\n              sock_map_unref(sk, psk)        // unref s1; sks[idx] will dangle\n                psock = sk_psock(sk)\n                sk_psock_put(sk, psock)\n                  if (refcount_dec_and_test())\n                    sk_psock_drop(sk, psock)\n            spin_unlock(\u0026stab-\u003elock)\n    release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n 
kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56664",
          "url": "https://www.suse.com/security/cve/CVE-2024-56664"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235249 for CVE-2024-56664",
          "url": "https://bugzilla.suse.com/1235249"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235250 for CVE-2024-56664",
          "url": "https://bugzilla.suse.com/1235250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56664"
    },
    {
      "cve": "CVE-2024-56704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/xen: fix release of IRQ\n\nKernel logs indicate an IRQ was double-freed.\n\nPass correct device ID during IRQ release.\n\n[Dominique: remove confusing variable reset to 0]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56704",
          "url": "https://www.suse.com/security/cve/CVE-2024-56704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235584 for CVE-2024-56704",
          "url": "https://bugzilla.suse.com/1235584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56704"
    },
    {
      "cve": "CVE-2024-56759",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56759"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when COWing tree bock and tracing is enabled\n\nWhen COWing a tree block, at btrfs_cow_block(), and we have the\ntracepoint trace_btrfs_cow_block() enabled and preemption is also enabled\n(CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent\nbuffer while inside the tracepoint code. This is because in some paths\nthat call btrfs_cow_block(), such as btrfs_search_slot(), we are holding\nthe last reference on the extent buffer @buf so btrfs_force_cow_block()\ndrops the last reference on the @buf extent buffer when it calls\nfree_extent_buffer_stale(buf), which schedules the release of the extent\nbuffer with RCU. This means that if we are on a kernel with preemption,\nthe current task may be preempted before calling trace_btrfs_cow_block()\nand the extent buffer already released by the time trace_btrfs_cow_block()\nis called, resulting in a use-after-free.\n\nFix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to\nbtrfs_force_cow_block() before the COWed extent buffer is freed.\nThis also has a side effect of invoking the tracepoint in the tree defrag\ncode, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is\ncalled there, but this is fine and it was actually missing there.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56759",
          "url": "https://www.suse.com/security/cve/CVE-2024-56759"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235645 for CVE-2024-56759",
          "url": "https://bugzilla.suse.com/1235645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236569 for CVE-2024-56759",
          "url": "https://bugzilla.suse.com/1236569"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-56759"
    },
    {
      "cve": "CVE-2024-57791",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57791"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check return value of sock_recvmsg when draining clc data\n\nWhen receiving clc msg, the field length in smc_clc_msg_hdr indicates the\nlength of the msg that should be received from the network and the value should not be\nfully trusted as it is from the network. Once the value of length exceeds\nthe value of buflen in function smc_clc_wait_msg it may run into deadloop\nwhen trying to drain the remaining data exceeding buflen.\n\nThis patch checks the return value of sock_recvmsg when draining data in\ncase of deadloop in draining.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57791",
          "url": "https://www.suse.com/security/cve/CVE-2024-57791"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235759 for CVE-2024-57791",
          "url": "https://bugzilla.suse.com/1235759"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235760 for CVE-2024-57791",
          "url": "https://bugzilla.suse.com/1235760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-57791"
    },
    {
      "cve": "CVE-2024-57792",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57792"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: gpio-charger: Fix set charge current limits\n\nFix set charge current limits for devices which allow setting the lowest\ncharge current limit to be greater than zero. If requested charge current limit\nis below lowest limit, the index equals current_limit_map_size which leads\nto accessing memory beyond allocated memory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57792",
          "url": "https://www.suse.com/security/cve/CVE-2024-57792"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235764 for CVE-2024-57792",
          "url": "https://bugzilla.suse.com/1235764"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236568 for CVE-2024-57792",
          "url": "https://bugzilla.suse.com/1236568"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-57792"
    },
    {
      "cve": "CVE-2024-57798",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57798"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()\n\nWhile receiving an MST up request message from one thread in\ndrm_dp_mst_handle_up_req(), the MST topology could be removed from\nanother thread via drm_dp_mst_topology_mgr_set_mst(false), freeing\nmst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL.\nThis could lead to a NULL deref/use-after-free of mst_primary in\ndrm_dp_mst_handle_up_req().\n\nAvoid the above by holding a reference for mst_primary in\ndrm_dp_mst_handle_up_req() while it\u0027s used.\n\nv2: Fix kfreeing the request if getting an mst_primary reference fails.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57798",
          "url": "https://www.suse.com/security/cve/CVE-2024-57798"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235818 for CVE-2024-57798",
          "url": "https://bugzilla.suse.com/1235818"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235819 for CVE-2024-57798",
          "url": "https://bugzilla.suse.com/1235819"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-57798"
    },
    {
      "cve": "CVE-2024-57849",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57849"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cpum_sf: Handle CPU hotplug remove during sampling\n\nCPU hotplug remove handling triggers the following function\ncall sequence:\n\n   CPUHP_AP_PERF_S390_SF_ONLINE  --\u003e s390_pmu_sf_offline_cpu()\n   ...\n   CPUHP_AP_PERF_ONLINE          --\u003e perf_event_exit_cpu()\n\nThe s390 CPUMF sampling CPU hotplug handler invokes:\n\n s390_pmu_sf_offline_cpu()\n +--\u003e  cpusf_pmu_setup()\n       +--\u003e setup_pmc_cpu()\n            +--\u003e deallocate_buffers()\n\nThis function de-allocates all sampling data buffers (SDBs) allocated\nfor that CPU at event initialization. It also clears the\nPMU_F_RESERVED bit. The CPU is gone and can not be sampled.\n\nWith the event still being active on the removed CPU, the CPU event\nhotplug support in kernel performance subsystem triggers the\nfollowing function calls on the removed CPU:\n\n  perf_event_exit_cpu()\n  +--\u003e perf_event_exit_cpu_context()\n       +--\u003e __perf_event_exit_context()\n\t    +--\u003e __perf_remove_from_context()\n\t         +--\u003e event_sched_out()\n\t              +--\u003e cpumsf_pmu_del()\n\t                   +--\u003e cpumsf_pmu_stop()\n                                +--\u003e hw_perf_event_update()\n\nto stop and remove the event. During removal of the event, the\nsampling device driver tries to read out the remaining samples from\nthe sample data buffers (SDBs). But they have already been freed\n(and may have been re-assigned). This may lead to a use after free\nsituation in which case the samples are most likely invalid. In the\nbest case the memory has not been reassigned and still contains\nvalid data.\n\nRemedy this situation and check if the CPU is still in reserved\nstate (bit PMU_F_RESERVED set). In this case the SDBs have not been\nreleased and contain valid data. This is always the case when\nthe event is removed (and no CPU hotplug off occurred).\nIf the PMU_F_RESERVED bit is not set, the SDB buffers are gone.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57849",
          "url": "https://www.suse.com/security/cve/CVE-2024-57849"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235814 for CVE-2024-57849",
          "url": "https://bugzilla.suse.com/1235814"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235815 for CVE-2024-57849",
          "url": "https://bugzilla.suse.com/1235815"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-57849"
    },
    {
      "cve": "CVE-2024-57893",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57893"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: seq: oss: Fix races at processing SysEx messages\n\nOSS sequencer handles the SysEx messages split in 6 bytes packets, and\nALSA sequencer OSS layer tries to combine those.  It stores the data\nin the internal buffer and this access is racy as of now, which may\nlead to the out-of-bounds access.\n\nAs a temporary band-aid fix, introduce a mutex for serializing the\nprocess of the SysEx message packets.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57893",
          "url": "https://www.suse.com/security/cve/CVE-2024-57893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235920 for CVE-2024-57893",
          "url": "https://bugzilla.suse.com/1235920"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235921 for CVE-2024-57893",
          "url": "https://bugzilla.suse.com/1235921"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-57893"
    },
    {
      "cve": "CVE-2024-57897",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57897"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Correct the migration DMA map direction\n\nThe SVM DMA device map direction should be set the same as\nthe DMA unmap setting, otherwise the DMA core will report\nthe following warning.\n\nBefore finialize this solution, there\u0027re some discussion on\nthe DMA mapping type(stream-based or coherent) in this KFD\nmigration case, followed by https://lore.kernel.org/all/04d4ab32\n-45a1-4b88-86ee-fb0f35a0ca40@amd.com/T/.\n\nAs there\u0027s no dma_sync_single_for_*() in the DMA buffer accessed\nthat because this migration operation should be sync properly and\nautomatically. Give that there\u0027s might not be a performance problem\nin various cache sync policy of DMA sync. Therefore, in order to\nsimplify the DMA direction setting alignment, let\u0027s set the DMA map\ndirection as BIDIRECTIONAL.\n\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57897",
          "url": "https://www.suse.com/security/cve/CVE-2024-57897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235969 for CVE-2024-57897",
          "url": "https://bugzilla.suse.com/1235969"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-57897"
    },
    {
      "cve": "CVE-2024-8805",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-8805"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
          "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-8805",
          "url": "https://www.suse.com/security/cve/CVE-2024-8805"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230697 for CVE-2024-8805",
          "url": "https://bugzilla.suse.com/1230697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240804 for CVE-2024-8805",
          "url": "https://bugzilla.suse.com/1240804"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.109.1.noarch",
            "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.109.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.109.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-14T15:25:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-8805"
    }
  ]
}

