suse-su-2025:0564-1
Vulnerability from csaf_suse
Published
2025-02-17 13:26
Modified
2025-02-17 13:26
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161).
- CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947).
- CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487).
- CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390).
- CVE-2024-56633: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (bsc#1235485).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489).
- CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498).
- CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418).
- CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545).
- CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612).
- CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578).
- CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582).
- CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583).
- CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656).
- CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638).
- CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948).
- CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127).
- CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).
- CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182).
- CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247).
- CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160).
- CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161).
- CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163).
- CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260).
- CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: fan: cleanup resources in the error path of .probe() (git-fixes).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes).
- ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes).
- ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686).
- ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes).
- ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: acp: Support microphone from Lenovo Go S (stable-fixes).
- ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes).
- ASoC: samsung: Add missing depends on I2C (git-fixes).
- ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes).
- ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes).
- ASoC: wm8994: Add depends on MFD core (stable-fixes).
- Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes).
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes).
- Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes).
- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
- HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes).
- HID: fix generic desktop D-Pad controls (git-fixes).
- HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes).
- HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes).
- HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes).
- Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes).
- Input: bbnsm_pwrkey - add remove hook (git-fixes).
- Input: davinci-keyscan - remove leftover header (git-fixes).
- Input: xpad - add QH Electronics VID/PID (stable-fixes).
- Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes).
- Input: xpad - add support for Nacon Pro Compact (stable-fixes).
- Input: xpad - add support for wooting two he (arm) (stable-fixes).
- Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes).
- Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes).
- KVM: Allow page-sized MMU caches to be initialized with custom 64-bit values (jsc#PED-6143).
- KVM: x86/mmu: Add Suppress VE bit to EPT shadow_mmio_mask/shadow_present_mask (jsc#PED-6143).
- KVM: x86/mmu: Allow non-zero value for non-present SPTE and removed SPTE (jsc#PED-6143).
- KVM: x86/mmu: Replace hardcoded value 0 for the initial value for SPTE (jsc#PED-6143).
- KVM: x86/mmu: Track shadow MMIO value on a per-VM basis (jsc#PED-6143).
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes).
- NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes).
- NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes).
- PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes).
- PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes).
- PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes).
- PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes).
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes).
- PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes).
- PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes).
- PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes).
- PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes).
- PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes).
- PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes).
- PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes).
- PM: hibernate: Add error handling for syscore_suspend() (git-fixes).
- RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes)
- RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes)
- RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes)
- RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes)
- RDMA/mlx5: Fix implicit ODP use after free (git-fixes)
- RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes)
- RDMA/rxe: Fix mismatched max_msg_sz (git-fixes)
- RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes)
- RDMA/srp: Fix error handling in srp_add_port (git-fixes)
- Remove 'iommu/arm-smmu: Defer probe of clients after smmu device bound', reverted by upstream.
- Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes).
- Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes).
- Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes).
- Revert 'Disable ceph'.
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes).
- VFS: use system_unbound_wq for delayed_mntput (bsc#1234683).
- VMCI: fix reference to ioctl-number.rst (git-fixes).
- afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes).
- afs: Fix cleanup of immediately failed async calls (git-fixes).
- afs: Fix directory format encoding struct (git-fixes).
- afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes).
- arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes)
- arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes)
- arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) Update arm64 default configuration file
- arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes)
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes)
- arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes)
- arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes)
- arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes)
- ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes).
- bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes).
- cpufreq: ACPI: Fix max-frequency computation (git-fixes).
- cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes).
- cpufreq: amd-pstate: remove global header file (git-fixes).
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes).
- cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes).
- cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpuidle: Avoid potential overflow in integer multiplication (git-fixes).
- cpupower: fix TSC MHz calculation (git-fixes).
- crypto: caam - use JobR's space to access page 0 regs (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes).
- crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes).
- crypto: qce - fix goto jump in error path (git-fixes).
- crypto: qce - fix priority to be less than ARMv8 CE (git-fixes).
- crypto: qce - unregister previously registered algos in error path (git-fixes).
- devcoredump: cleanup some comments (git-fixes).
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes).
- docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes).
- driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes).
- drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes).
- drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes).
- drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes).
- drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes).
- drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes).
- drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes).
- drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes).
- drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/msm/dp: set safe_to_exit_level before printing it (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes).
- drm/msm: Check return value of of_dma_configure() (git-fixes).
- drm/msm: do not clean up priv->kms prematurely (git-fixes).
- drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes).
- drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes).
- drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes).
- drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes).
- drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes).
- drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes).
- drm/v3d: Stop active perfmon if it is being destroyed (git-fixes).
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes).
- genksyms: fix memory leak when the same symbol is added from source (git-fixes).
- genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes).
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes).
- gpio: mxc: remove dead code after switch to DT-only (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes).
- hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes).
- ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
- iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes).
- iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes).
- iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes).
- intel_th: core: fix kernel-doc warnings (git-fixes).
- ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes).
- ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes).
- kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes).
- kheaders: Ignore silly-rename files (stable-fixes).
- ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes).
- ktest.pl: Check kernelrelease return in get_version (git-fixes).
- ktest.pl: Fix typo 'accesing' (git-fixes).
- ktest.pl: Fix typo in comment (git-fixes).
- ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes).
- ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes).
- landlock: Handle weird files (git-fixes).
- latencytop: use correct kernel-doc format for func params (git-fixes).
- leds: lp8860: Write full EEPROM, not only half of it (git-fixes).
- leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes).
- lib/inflate.c: remove dead code (git-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- mac802154: check local interfaces before deleting sdata list (stable-fixes).
- mailbox: tegra-hsp: Clear mailbox before using message (git-fixes).
- maple_tree: simplify split calculation (git-fixes).
- media: camif-core: Add check for clk_enable() (git-fixes).
- media: ccs: Clean up parsed CCS static data on parse failure (git-fixes).
- media: ccs: Fix CCS static data parsing for large block sizes (git-fixes).
- media: ccs: Fix cleanup order in ccs_probe() (git-fixes).
- media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: imx412: Add missing newline to prints (git-fixes).
- media: i2c: ov9282: Correct the exposure offset (git-fixes).
- media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes).
- media: imx296: Add standby delay during probe (git-fixes).
- media: lmedm04: Handle errors for lme2510_int_read (git-fixes).
- media: marvell: Add check for clk_enable() (git-fixes).
- media: mc: fix endpoint iteration (git-fixes).
- media: mipi-csis: Add check for clk_enable() (git-fixes).
- media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: ov5640: fix get_light_freq on auto (git-fixes).
- media: rc: iguanair: handle timeouts (git-fixes).
- media: rkisp1: Fix unused value issue (git-fixes).
- media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes).
- media: uvcvideo: Fix double free in error path (git-fixes).
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes).
- media: uvcvideo: Only save async fh if success (git-fixes).
- media: uvcvideo: Propagate buf->error to userspace (git-fixes).
- media: uvcvideo: Remove dangling pointers (git-fixes).
- media: uvcvideo: Remove redundant NULL assignment (git-fixes).
- media: uvcvideo: Support partial control reads (git-fixes).
- memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes).
- misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes).
- misc: fastrpc: Fix copy buffer page size (git-fixes).
- misc: fastrpc: Fix registered buffer page address (git-fixes).
- misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/rodata_test: use READ_ONCE() to read const variable (git-fixes).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes).
- mtd: spinand: Remove write_enable_op() in markbad() (git-fixes).
- net/rose: prevent integer overflows in rose_setsockopt() (git-fixes).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes).
- net: rose: fix timer races against user threads (git-fixes).
- net: usb: rtl8150: enable basic endpoint checking (git-fixes).
- netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).
- nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes).
- nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes).
- nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes).
- nvme: Add error path for xa_store in nvme_init_effects (git-fixes).
- nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes).
- nvmet: propagate npwg topology (git-fixes).
- padata: add pd get/put refcnt helper (git-fixes).
- padata: avoid UAF for reorder_work (git-fixes).
- padata: fix UAF in padata_reorder (git-fixes).
- pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes).
- pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes).
- pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes).
- power: ip5xxx_power: Fix return value on ADC read errors (git-fixes).
- powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199).
- pps: add an error check in parport_attach (git-fixes).
- pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes).
- printk: Add is_printk_legacy_deferred() (bsc#1236733).
- printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733).
- pwm: stm32-lp: Add check for clk_enable() (git-fixes).
- pwm: stm32: Add check for clk_enable() (git-fixes).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes)
- rcu/tree: Defer setting of jiffies during stall reset (git-fixes)
- rcu: Dump memory object info if callback function is invalid (git-fixes)
- rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes)
- rcuscale: Move rcu_scale_writer() (git-fixes)
- rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes)
- regulator: core: Add missing newline character (git-fixes).
- regulator: of: Implement the unwind path of of_regulator_match() (git-fixes).
- remoteproc: core: Fix ida_free call while not allocated (git-fixes).
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes).
- rtc: zynqmp: Fix optional clock name property (git-fixes).
- samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes).
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865).
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865).
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes).
- seccomp: Stub for !CONFIG_SECCOMP (stable-fixes).
- selftest: media_tests: fix trivial UAF typo (git-fixes).
- selftests/alsa: Fix circular dependency involving global-timer (stable-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/landlock: Fix error message (git-fixes).
- selftests/mm/cow: modify the incorrect checking parameters (git-fixes).
- selftests/powerpc: Fix argument order to timer_sub() (git-fixes).
- selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes).
- selftests: tc-testing: reduce rshift value (stable-fixes).
- selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes).
- selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes).
- serial: 8250: Adjust the timeout for FIFO mode (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes).
- serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes).
- soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes).
- soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- spi: zynq-qspi: Add check for clk_enable() (git-fixes).
- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes)
- srcu: Only accelerate on enqueue time (git-fixes)
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes).
- staging: media: max96712: fix kernel oops when removing module (git-fixes).
- tools: Sync if_xdp.h uapi tooling header (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubifs: skip dumping tnc tree when zroot is null (git-fixes).
- uio: Fix return value of poll (git-fixes).
- uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes).
- usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes).
- usb: gadget: f_tcm: Do not free command immediately (git-fixes).
- usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes).
- usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes).
- usb: gadget: f_tcm: Translate error to sense (git-fixes).
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes).
- usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes).
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001)
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes).
- usbnet: ipheth: break up NCM header size computation (git-fixes).
- usbnet: ipheth: check that DPE points past NCM header (git-fixes).
- usbnet: ipheth: fix DPE OoB read (git-fixes).
- usbnet: ipheth: fix possible overflow in DPE length check (git-fixes).
- usbnet: ipheth: refactor NCM datagram loop (git-fixes).
- usbnet: ipheth: use static NDP16 location in URB (git-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes).
- wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes).
- wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes).
- wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes).
- wifi: cfg80211: adjust allocation of colocated AP data (git-fixes).
- wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes).
- wifi: mac80211: Fix common size calculation for ML element (git-fixes).
- wifi: mac80211: do not flush non-uploaded STAs (git-fixes).
- wifi: mac80211: fix tid removal during mesh forwarding (git-fixes).
- wifi: mac80211: prohibit deactivating all links (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes).
- wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes).
- wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes).
- wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes).
- wifi: mt76: mt7915: fix register mapping (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes).
- wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes).
- wifi: mt76: mt7996: add max mpdu len capability (git-fixes).
- wifi: mt76: mt7996: fix HE Phy capability (git-fixes).
- wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes).
- wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes).
- wifi: mt76: mt7996: fix ldpc setting (git-fixes).
- wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes).
- wifi: mt76: mt7996: fix register mapping (git-fixes).
- wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes).
- wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes).
- wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes).
- wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes).
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes).
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes).
- wifi: rtlwifi: remove unused check_buddy_priv (git-fixes).
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes).
- wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes).
- wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes).
- wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes).
- wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes).
- wifi: wcn36xx: fix channel survey memory allocation size (git-fixes).
- wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes).
- workqueue: Add rcu lock check at the end of work item execution (bsc#1236732).
- xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes).
- xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes).
Patchnames
SUSE-2025-564,SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-564
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161).\n- CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947).\n- CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).\n- CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in \u0027dcn21_link_encoder_create\u0027 (bsc#1235487).\n- CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390).\n- CVE-2024-56633: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (bsc#1235485).\n- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489).\n- CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498).\n- CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418).\n- CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545).\n- CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612).\n- CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578).\n- CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582).\n- CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583).\n- CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656).\n- CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638).\n- CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948).\n- CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127).\n- CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).\n- CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182).\n- CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247).\n- CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160).\n- CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161).\n- CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163).\n- CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260).\n- CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: fan: cleanup resources in the error path of .probe() (git-fixes).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes).\n- ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes).\n- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes).\n- ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes).\n- ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686).\n- ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes).\n- ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: acp: Support microphone from Lenovo Go S (stable-fixes).\n- ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes).\n- ASoC: samsung: Add missing depends on I2C (git-fixes).\n- ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes).\n- ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes).\n- ASoC: wm8994: Add depends on MFD core (stable-fixes).\n- Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes).\n- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes).\n- Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes).\n- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).\n- HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes).\n- HID: fix generic desktop D-Pad controls (git-fixes).\n- HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes).\n- HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes).\n- HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes).\n- Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes).\n- Input: bbnsm_pwrkey - add remove hook (git-fixes).\n- Input: davinci-keyscan - remove leftover header (git-fixes).\n- Input: xpad - add QH Electronics VID/PID (stable-fixes).\n- Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes).\n- Input: xpad - add support for Nacon Pro Compact (stable-fixes).\n- Input: xpad - add support for wooting two he (arm) (stable-fixes).\n- Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes).\n- Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes).\n- KVM: Allow page-sized MMU caches to be initialized with custom 64-bit values (jsc#PED-6143).\n- KVM: x86/mmu: Add Suppress VE bit to EPT shadow_mmio_mask/shadow_present_mask (jsc#PED-6143).\n- KVM: x86/mmu: Allow non-zero value for non-present SPTE and removed SPTE (jsc#PED-6143).\n- KVM: x86/mmu: Replace hardcoded value 0 for the initial value for SPTE (jsc#PED-6143).\n- KVM: x86/mmu: Track shadow MMIO value on a per-VM basis (jsc#PED-6143).\n- NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes).\n- NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes).\n- NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes).\n- PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes).\n- PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes).\n- PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes).\n- PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes).\n- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes).\n- PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes).\n- PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes).\n- PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes).\n- PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes).\n- PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes).\n- PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes).\n- PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes).\n- PM: hibernate: Add error handling for syscore_suspend() (git-fixes).\n- RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes)\n- RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes)\n- RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes)\n- RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes)\n- RDMA/mlx5: Fix implicit ODP use after free (git-fixes)\n- RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes)\n- RDMA/rxe: Fix mismatched max_msg_sz (git-fixes)\n- RDMA/rxe: Fix the warning \u0027__rxe_cleanup+0x12c/0x170 [rdma_rxe]\u0027 (git-fixes)\n- RDMA/srp: Fix error handling in srp_add_port (git-fixes)\n- Remove \u0027iommu/arm-smmu: Defer probe of clients after smmu device bound\u0027, reverted by upstream.\n- Revert \u0027HID: multitouch: Add support for lenovo Y9000P Touchpad\u0027 (stable-fixes).\n- Revert \u0027drm/i915/dpt: Make DPT object unshrinkable\u0027 (stable-fixes).\n- Revert \u0027usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null\u0027 (stable-fixes).\n- Revert \u0027Disable ceph\u0027.\n- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes).\n- VFS: use system_unbound_wq for delayed_mntput (bsc#1234683).\n- VMCI: fix reference to ioctl-number.rst (git-fixes).\n- afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes).\n- afs: Fix cleanup of immediately failed async calls (git-fixes).\n- afs: Fix directory format encoding struct (git-fixes).\n- afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes).\n- arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes)\n- arm64: Filter out SVE hwcaps when FEAT_SVE isn\u0027t implemented (git-fixes)\n- arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) Update arm64 default configuration file\n- arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes)\n- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes)\n- arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes)\n- arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes)\n- arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes)\n- ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes).\n- bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes).\n- cpufreq: ACPI: Fix max-frequency computation (git-fixes).\n- cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes).\n- cpufreq: amd-pstate: remove global header file (git-fixes).\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes).\n- cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes).\n- cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpuidle: Avoid potential overflow in integer multiplication (git-fixes).\n- cpupower: fix TSC MHz calculation (git-fixes).\n- crypto: caam - use JobR\u0027s space to access page 0 regs (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to \u0027async\u0027 (git-fixes).\n- crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes).\n- crypto: qce - fix goto jump in error path (git-fixes).\n- crypto: qce - fix priority to be less than ARMv8 CE (git-fixes).\n- crypto: qce - unregister previously registered algos in error path (git-fixes).\n- devcoredump: cleanup some comments (git-fixes).\n- dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes).\n- docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes).\n- driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes).\n- drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes).\n- drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes).\n- drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes).\n- drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes).\n- drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes).\n- drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes).\n- drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes).\n- drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/msm/dp: set safe_to_exit_level before printing it (git-fixes).\n- drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes).\n- drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes).\n- drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes).\n- drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes).\n- drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes).\n- drm/msm: Check return value of of_dma_configure() (git-fixes).\n- drm/msm: do not clean up priv-\u003ekms prematurely (git-fixes).\n- drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes).\n- drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes).\n- drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes).\n- drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes).\n- drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes).\n- drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes).\n- drm/v3d: Stop active perfmon if it is being destroyed (git-fixes).\n- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes).\n- genksyms: fix memory leak when the same symbol is added from source (git-fixes).\n- genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes).\n- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes).\n- gpio: mxc: remove dead code after switch to DT-only (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes).\n- hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes).\n- ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).\n- iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes).\n- iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes).\n- iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes).\n- intel_th: core: fix kernel-doc warnings (git-fixes).\n- ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes).\n- ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes).\n- kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes).\n- kheaders: Ignore silly-rename files (stable-fixes).\n- ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes).\n- ktest.pl: Check kernelrelease return in get_version (git-fixes).\n- ktest.pl: Fix typo \u0027accesing\u0027 (git-fixes).\n- ktest.pl: Fix typo in comment (git-fixes).\n- ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes).\n- ktest: force $buildonly = 1 for \u0027make_warnings_file\u0027 test type (stable-fixes).\n- landlock: Handle weird files (git-fixes).\n- latencytop: use correct kernel-doc format for func params (git-fixes).\n- leds: lp8860: Write full EEPROM, not only half of it (git-fixes).\n- leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes).\n- lib/inflate.c: remove dead code (git-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- mac802154: check local interfaces before deleting sdata list (stable-fixes).\n- mailbox: tegra-hsp: Clear mailbox before using message (git-fixes).\n- maple_tree: simplify split calculation (git-fixes).\n- media: camif-core: Add check for clk_enable() (git-fixes).\n- media: ccs: Clean up parsed CCS static data on parse failure (git-fixes).\n- media: ccs: Fix CCS static data parsing for large block sizes (git-fixes).\n- media: ccs: Fix cleanup order in ccs_probe() (git-fixes).\n- media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: imx412: Add missing newline to prints (git-fixes).\n- media: i2c: ov9282: Correct the exposure offset (git-fixes).\n- media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes).\n- media: imx296: Add standby delay during probe (git-fixes).\n- media: lmedm04: Handle errors for lme2510_int_read (git-fixes).\n- media: marvell: Add check for clk_enable() (git-fixes).\n- media: mc: fix endpoint iteration (git-fixes).\n- media: mipi-csis: Add check for clk_enable() (git-fixes).\n- media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: ov5640: fix get_light_freq on auto (git-fixes).\n- media: rc: iguanair: handle timeouts (git-fixes).\n- media: rkisp1: Fix unused value issue (git-fixes).\n- media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes).\n- media: uvcvideo: Fix double free in error path (git-fixes).\n- media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes).\n- media: uvcvideo: Only save async fh if success (git-fixes).\n- media: uvcvideo: Propagate buf-\u003eerror to userspace (git-fixes).\n- media: uvcvideo: Remove dangling pointers (git-fixes).\n- media: uvcvideo: Remove redundant NULL assignment (git-fixes).\n- media: uvcvideo: Support partial control reads (git-fixes).\n- memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes).\n- misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes).\n- misc: fastrpc: Fix copy buffer page size (git-fixes).\n- misc: fastrpc: Fix registered buffer page address (git-fixes).\n- misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/rodata_test: use READ_ONCE() to read const variable (git-fixes).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes).\n- mtd: spinand: Remove write_enable_op() in markbad() (git-fixes).\n- net/rose: prevent integer overflows in rose_setsockopt() (git-fixes).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Cleanup \u0027mana\u0027 debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes).\n- net: rose: fix timer races against user threads (git-fixes).\n- net: usb: rtl8150: enable basic endpoint checking (git-fixes).\n- netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).\n- nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes).\n- nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes).\n- nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes).\n- nvme: Add error path for xa_store in nvme_init_effects (git-fixes).\n- nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes).\n- nvmet: propagate npwg topology (git-fixes).\n- padata: add pd get/put refcnt helper (git-fixes).\n- padata: avoid UAF for reorder_work (git-fixes).\n- padata: fix UAF in padata_reorder (git-fixes).\n- pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes).\n- pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes).\n- pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes).\n- power: ip5xxx_power: Fix return value on ADC read errors (git-fixes).\n- powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199).\n- pps: add an error check in parport_attach (git-fixes).\n- pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes).\n- printk: Add is_printk_legacy_deferred() (bsc#1236733).\n- printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733).\n- pwm: stm32-lp: Add check for clk_enable() (git-fixes).\n- pwm: stm32: Add check for clk_enable() (git-fixes).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rcu-tasks: Pull sampling of -\u003epercpu_dequeue_lim out of loop (git-fixes)\n- rcu/tree: Defer setting of jiffies during stall reset (git-fixes)\n- rcu: Dump memory object info if callback function is invalid (git-fixes)\n- rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes)\n- rcuscale: Move rcu_scale_writer() (git-fixes)\n- rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes)\n- regulator: core: Add missing newline character (git-fixes).\n- regulator: of: Implement the unwind path of of_regulator_match() (git-fixes).\n- remoteproc: core: Fix ida_free call while not allocated (git-fixes).\n- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes).\n- rtc: zynqmp: Fix optional clock name property (git-fixes).\n- samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes).\n- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865).\n- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865).\n- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes).\n- seccomp: Stub for !CONFIG_SECCOMP (stable-fixes).\n- selftest: media_tests: fix trivial UAF typo (git-fixes).\n- selftests/alsa: Fix circular dependency involving global-timer (stable-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/landlock: Fix error message (git-fixes).\n- selftests/mm/cow: modify the incorrect checking parameters (git-fixes).\n- selftests/powerpc: Fix argument order to timer_sub() (git-fixes).\n- selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes).\n- selftests: tc-testing: reduce rshift value (stable-fixes).\n- selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes).\n- selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes).\n- serial: 8250: Adjust the timeout for FIFO mode (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes).\n- serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes).\n- soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes).\n- soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- spi: zynq-qspi: Add check for clk_enable() (git-fixes).\n- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes)\n- srcu: Only accelerate on enqueue time (git-fixes)\n- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes).\n- staging: media: max96712: fix kernel oops when removing module (git-fixes).\n- tools: Sync if_xdp.h uapi tooling header (git-fixes).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubifs: skip dumping tnc tree when zroot is null (git-fixes).\n- uio: Fix return value of poll (git-fixes).\n- uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes).\n- usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes).\n- usb: gadget: f_tcm: Do not free command immediately (git-fixes).\n- usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes).\n- usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes).\n- usb: gadget: f_tcm: Translate error to sense (git-fixes).\n- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes).\n- usb: host: xhci-plat: Assign shared_hcd-\u003ersrc_start (git-fixes).\n- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001)\n- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes).\n- usbnet: ipheth: break up NCM header size computation (git-fixes).\n- usbnet: ipheth: check that DPE points past NCM header (git-fixes).\n- usbnet: ipheth: fix DPE OoB read (git-fixes).\n- usbnet: ipheth: fix possible overflow in DPE length check (git-fixes).\n- usbnet: ipheth: refactor NCM datagram loop (git-fixes).\n- usbnet: ipheth: use static NDP16 location in URB (git-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes).\n- wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes).\n- wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes).\n- wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes).\n- wifi: cfg80211: adjust allocation of colocated AP data (git-fixes).\n- wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes).\n- wifi: mac80211: Fix common size calculation for ML element (git-fixes).\n- wifi: mac80211: do not flush non-uploaded STAs (git-fixes).\n- wifi: mac80211: fix tid removal during mesh forwarding (git-fixes).\n- wifi: mac80211: prohibit deactivating all links (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes).\n- wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes).\n- wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes).\n- wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes).\n- wifi: mt76: mt7915: fix register mapping (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes).\n- wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes).\n- wifi: mt76: mt7996: add max mpdu len capability (git-fixes).\n- wifi: mt76: mt7996: fix HE Phy capability (git-fixes).\n- wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes).\n- wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes).\n- wifi: mt76: mt7996: fix ldpc setting (git-fixes).\n- wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes).\n- wifi: mt76: mt7996: fix register mapping (git-fixes).\n- wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes).\n- wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes).\n- wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes).\n- wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes).\n- wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes).\n- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes).\n- wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes).\n- wifi: rtlwifi: remove unused check_buddy_priv (git-fixes).\n- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes).\n- wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes).\n- wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes).\n- wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes).\n- wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes).\n- wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes).\n- wifi: wcn36xx: fix channel survey memory allocation size (git-fixes).\n- wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes).\n- workqueue: Add rcu lock check at the end of work item execution (bsc#1236732).\n- xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes).\n- xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-564,SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-564",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0564-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0564-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250564-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0564-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020361.html"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1226980",
"url": "https://bugzilla.suse.com/1226980"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1232101",
"url": "https://bugzilla.suse.com/1232101"
},
{
"category": "self",
"summary": "SUSE Bug 1232161",
"url": "https://bugzilla.suse.com/1232161"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233778",
"url": "https://bugzilla.suse.com/1233778"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234683",
"url": "https://bugzilla.suse.com/1234683"
},
{
"category": "self",
"summary": "SUSE Bug 1234693",
"url": "https://bugzilla.suse.com/1234693"
},
{
"category": "self",
"summary": "SUSE Bug 1234947",
"url": "https://bugzilla.suse.com/1234947"
},
{
"category": "self",
"summary": "SUSE Bug 1235001",
"url": "https://bugzilla.suse.com/1235001"
},
{
"category": "self",
"summary": "SUSE Bug 1235217",
"url": "https://bugzilla.suse.com/1235217"
},
{
"category": "self",
"summary": "SUSE Bug 1235230",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235390",
"url": "https://bugzilla.suse.com/1235390"
},
{
"category": "self",
"summary": "SUSE Bug 1235418",
"url": "https://bugzilla.suse.com/1235418"
},
{
"category": "self",
"summary": "SUSE Bug 1235430",
"url": "https://bugzilla.suse.com/1235430"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235487",
"url": "https://bugzilla.suse.com/1235487"
},
{
"category": "self",
"summary": "SUSE Bug 1235489",
"url": "https://bugzilla.suse.com/1235489"
},
{
"category": "self",
"summary": "SUSE Bug 1235498",
"url": "https://bugzilla.suse.com/1235498"
},
{
"category": "self",
"summary": "SUSE Bug 1235545",
"url": "https://bugzilla.suse.com/1235545"
},
{
"category": "self",
"summary": "SUSE Bug 1235578",
"url": "https://bugzilla.suse.com/1235578"
},
{
"category": "self",
"summary": "SUSE Bug 1235582",
"url": "https://bugzilla.suse.com/1235582"
},
{
"category": "self",
"summary": "SUSE Bug 1235583",
"url": "https://bugzilla.suse.com/1235583"
},
{
"category": "self",
"summary": "SUSE Bug 1235612",
"url": "https://bugzilla.suse.com/1235612"
},
{
"category": "self",
"summary": "SUSE Bug 1235638",
"url": "https://bugzilla.suse.com/1235638"
},
{
"category": "self",
"summary": "SUSE Bug 1235656",
"url": "https://bugzilla.suse.com/1235656"
},
{
"category": "self",
"summary": "SUSE Bug 1235686",
"url": "https://bugzilla.suse.com/1235686"
},
{
"category": "self",
"summary": "SUSE Bug 1235865",
"url": "https://bugzilla.suse.com/1235865"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235941",
"url": "https://bugzilla.suse.com/1235941"
},
{
"category": "self",
"summary": "SUSE Bug 1235948",
"url": "https://bugzilla.suse.com/1235948"
},
{
"category": "self",
"summary": "SUSE Bug 1236127",
"url": "https://bugzilla.suse.com/1236127"
},
{
"category": "self",
"summary": "SUSE Bug 1236160",
"url": "https://bugzilla.suse.com/1236160"
},
{
"category": "self",
"summary": "SUSE Bug 1236161",
"url": "https://bugzilla.suse.com/1236161"
},
{
"category": "self",
"summary": "SUSE Bug 1236163",
"url": "https://bugzilla.suse.com/1236163"
},
{
"category": "self",
"summary": "SUSE Bug 1236182",
"url": "https://bugzilla.suse.com/1236182"
},
{
"category": "self",
"summary": "SUSE Bug 1236192",
"url": "https://bugzilla.suse.com/1236192"
},
{
"category": "self",
"summary": "SUSE Bug 1236245",
"url": "https://bugzilla.suse.com/1236245"
},
{
"category": "self",
"summary": "SUSE Bug 1236247",
"url": "https://bugzilla.suse.com/1236247"
},
{
"category": "self",
"summary": "SUSE Bug 1236260",
"url": "https://bugzilla.suse.com/1236260"
},
{
"category": "self",
"summary": "SUSE Bug 1236262",
"url": "https://bugzilla.suse.com/1236262"
},
{
"category": "self",
"summary": "SUSE Bug 1236628",
"url": "https://bugzilla.suse.com/1236628"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236688",
"url": "https://bugzilla.suse.com/1236688"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236696",
"url": "https://bugzilla.suse.com/1236696"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236703",
"url": "https://bugzilla.suse.com/1236703"
},
{
"category": "self",
"summary": "SUSE Bug 1236732",
"url": "https://bugzilla.suse.com/1236732"
},
{
"category": "self",
"summary": "SUSE Bug 1236733",
"url": "https://bugzilla.suse.com/1236733"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53187 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53203 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56600 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56608 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56610 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56650 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56665 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56679 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56693 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56707 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56715 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56725 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56726 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56728 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56763 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57802 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57917 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57931 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57946 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21652 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21655 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21655/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21663 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21674 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21682 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21682/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-02-17T13:26:35Z",
"generator": {
"date": "2025-02-17T13:26:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0564-1",
"initial_release_date": "2025-02-17T13:26:35Z",
"revision_history": [
{
"date": "2025-02-17T13:26:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"product": {
"name": "kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"product_id": "kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"product": {
"name": "kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"product_id": "kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "cluster-md-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "cluster-md-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "dlm-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "dlm-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "gfs2-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "gfs2-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-extra-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-extra-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco-extra-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-livepatch-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-livepatch-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco-livepatch-devel-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-optional-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-optional-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco-optional-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-vdso-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-vdso-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco-vdso-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-vdso-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-vdso-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-vdso-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "kselftests-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "kselftests-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "ocfs2-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "ocfs2-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product": {
"name": "reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"product_id": "reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-confidential-computing:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch"
},
"product_reference": "kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch"
},
"product_reference": "kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
},
"product_reference": "kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
},
"product_reference": "reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-49948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add more sanity checks to qdisc_pkt_len_init()\n\nOne path takes care of SKB_GSO_DODGY, assuming\nskb-\u003elen is bigger than hdr_len.\n\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\n\nIt is possible for an user to provide a malicious \u0027GSO\u0027 packet,\ntotal length of 80 bytes.\n\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\n\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\n\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)-\u003epkt_len.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49948",
"url": "https://www.suse.com/security/cve/CVE-2024-49948"
},
{
"category": "external",
"summary": "SUSE Bug 1232161 for CVE-2024-49948",
"url": "https://bugzilla.suse.com/1232161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-49948"
},
{
"cve": "CVE-2024-49978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngso: fix udp gso fraglist segmentation after pull from frag_list\n\nDetect gso fraglist skbs with corrupted geometry (see below) and\npass these to skb_segment instead of skb_segment_list, as the first\ncan segment them correctly.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify these skbs, breaking these invariants.\n\nIn extreme cases they pull all data into skb linear. For UDP, this\ncauses a NULL ptr deref in __udpv4_gso_segment_list_csum at\nudp_hdr(seg-\u003enext)-\u003edest.\n\nDetect invalid geometry due to pull, by checking head_skb size.\nDon\u0027t just drop, as this may blackhole a destination. Convert to be\nable to pass to regular skb_segment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49978",
"url": "https://www.suse.com/security/cve/CVE-2024-49978"
},
{
"category": "external",
"summary": "SUSE Bug 1232101 for CVE-2024-49978",
"url": "https://bugzilla.suse.com/1232101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-49978"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check for overflows in io_pin_pages\n\nWARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144\nCPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0\nCall Trace:\n \u003cTASK\u003e\n __io_uaddr_map+0xfb/0x2d0 io_uring/memmap.c:183\n io_rings_map io_uring/io_uring.c:2611 [inline]\n io_allocate_scq_urings+0x1c0/0x650 io_uring/io_uring.c:3470\n io_uring_create+0x5b5/0xc00 io_uring/io_uring.c:3692\n io_uring_setup io_uring/io_uring.c:3781 [inline]\n ...\n \u003c/TASK\u003e\n\nio_pin_pages()\u0027s uaddr parameter came directly from the user and can be\ngarbage. Don\u0027t just add size to it as it can overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53187",
"url": "https://www.suse.com/security/cve/CVE-2024-53187"
},
{
"category": "external",
"summary": "SUSE Bug 1234947 for CVE-2024-53187",
"url": "https://bugzilla.suse.com/1234947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-53187"
},
{
"cve": "CVE-2024-53203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53203"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: fix potential array underflow in ucsi_ccg_sync_control()\n\nThe \"command\" variable can be controlled by the user via debugfs. The\nworry is that if con_index is zero then \"\u0026uc-\u003eucsi-\u003econnector[con_index\n- 1]\" would be an array underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53203",
"url": "https://www.suse.com/security/cve/CVE-2024-53203"
},
{
"category": "external",
"summary": "SUSE Bug 1235001 for CVE-2024-53203",
"url": "https://bugzilla.suse.com/1235001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-53203"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet6: do not leave a dangling sk pointer in inet6_create()\n\nsock_init_data() attaches the allocated sk pointer to the provided sock\nobject. If inet6_create() fails later, the sk object is released, but the\nsock object retains the dangling sk pointer, which may cause use-after-free\nlater.\n\nClear the sock sk pointer on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56600",
"url": "https://www.suse.com/security/cve/CVE-2024-56600"
},
{
"category": "external",
"summary": "SUSE Bug 1235217 for CVE-2024-56600",
"url": "https://bugzilla.suse.com/1235217"
},
{
"category": "external",
"summary": "SUSE Bug 1235218 for CVE-2024-56600",
"url": "https://bugzilla.suse.com/1235218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "important"
}
],
"title": "CVE-2024-56600"
},
{
"cve": "CVE-2024-56601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56601",
"url": "https://www.suse.com/security/cve/CVE-2024-56601"
},
{
"category": "external",
"summary": "SUSE Bug 1235230 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "external",
"summary": "SUSE Bug 1235231 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "important"
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56608"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix out-of-bounds access in \u0027dcn21_link_encoder_create\u0027\n\nAn issue was identified in the dcn21_link_encoder_create function where\nan out-of-bounds access could occur when the hpd_source index was used\nto reference the link_enc_hpd_regs array. This array has a fixed size\nand the index was not being checked against the array\u0027s bounds before\naccessing it.\n\nThis fix adds a conditional check to ensure that the hpd_source index is\nwithin the valid range of the link_enc_hpd_regs array. If the index is\nout of bounds, the function now returns NULL to prevent undefined\nbehavior.\n\nReferences:\n\n[ 65.920507] ------------[ cut here ]------------\n[ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29\n[ 65.920519] index 7 is out of range for type \u0027dcn10_link_enc_hpd_registers [5]\u0027\n[ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13\n[ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020\n[ 65.920527] Call Trace:\n[ 65.920529] \u003cTASK\u003e\n[ 65.920532] dump_stack_lvl+0x48/0x70\n[ 65.920541] dump_stack+0x10/0x20\n[ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0\n[ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu]\n[ 65.921009] link_create+0x6d3/0xed0 [amdgpu]\n[ 65.921355] create_links+0x18a/0x4e0 [amdgpu]\n[ 65.921679] dc_create+0x360/0x720 [amdgpu]\n[ 65.921999] ? dmi_matches+0xa0/0x220\n[ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu]\n[ 65.922342] ? console_unlock+0x77/0x120\n[ 65.922348] ? dev_printk_emit+0x86/0xb0\n[ 65.922354] dm_hw_init+0x15/0x40 [amdgpu]\n[ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu]\n[ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu]\n[ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu]\n[ 65.923087] local_pci_probe+0x4b/0xb0\n[ 65.923087] pci_device_probe+0xc8/0x280\n[ 65.923087] really_probe+0x187/0x300\n[ 65.923087] __driver_probe_device+0x85/0x130\n[ 65.923087] driver_probe_device+0x24/0x110\n[ 65.923087] __driver_attach+0xac/0x1d0\n[ 65.923087] ? __pfx___driver_attach+0x10/0x10\n[ 65.923087] bus_for_each_dev+0x7d/0xd0\n[ 65.923087] driver_attach+0x1e/0x30\n[ 65.923087] bus_add_driver+0xf2/0x200\n[ 65.923087] driver_register+0x64/0x130\n[ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu]\n[ 65.923087] __pci_register_driver+0x61/0x70\n[ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu]\n[ 65.923087] do_one_initcall+0x49/0x310\n[ 65.923087] ? kmalloc_trace+0x136/0x360\n[ 65.923087] do_init_module+0x6a/0x270\n[ 65.923087] load_module+0x1fce/0x23a0\n[ 65.923087] init_module_from_file+0x9c/0xe0\n[ 65.923087] ? init_module_from_file+0x9c/0xe0\n[ 65.923087] idempotent_init_module+0x179/0x230\n[ 65.923087] __x64_sys_finit_module+0x5d/0xa0\n[ 65.923087] do_syscall_64+0x76/0x120\n[ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 65.923087] RIP: 0033:0x7f2d80f1e88d\n[ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48\n[ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n[ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d\n[ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f\n[ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002\n[ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480\n[ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0\n[ 65.923087] \u003c/TASK\u003e\n[ 65.923927] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56608",
"url": "https://www.suse.com/security/cve/CVE-2024-56608"
},
{
"category": "external",
"summary": "SUSE Bug 1235487 for CVE-2024-56608",
"url": "https://bugzilla.suse.com/1235487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56608"
},
{
"cve": "CVE-2024-56610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56610"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcsan: Turn report_filterlist_lock into a raw_spinlock\n\nRan Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see\nsplats like:\n\n| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n| preempt_count: 10002, expected: 0\n| RCU nest depth: 0, expected: 0\n| no locks held by swapper/1/0.\n| irq event stamp: 156674\n| hardirqs last enabled at (156673): [\u003cffffffff81130bd9\u003e] do_idle+0x1f9/0x240\n| hardirqs last disabled at (156674): [\u003cffffffff82254f84\u003e] sysvec_apic_timer_interrupt+0x14/0xc0\n| softirqs last enabled at (0): [\u003cffffffff81099f47\u003e] copy_process+0xfc7/0x4b60\n| softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n| Preemption disabled at:\n| [\u003cffffffff814a3e2a\u003e] paint_ptr+0x2a/0x90\n| CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3\n| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014\n| Call Trace:\n| \u003cIRQ\u003e\n| dump_stack_lvl+0x7e/0xc0\n| dump_stack+0x1d/0x30\n| __might_resched+0x1a2/0x270\n| rt_spin_lock+0x68/0x170\n| kcsan_skip_report_debugfs+0x43/0xe0\n| print_report+0xb5/0x590\n| kcsan_report_known_origin+0x1b1/0x1d0\n| kcsan_setup_watchpoint+0x348/0x650\n| __tsan_unaligned_write1+0x16d/0x1d0\n| hrtimer_interrupt+0x3d6/0x430\n| __sysvec_apic_timer_interrupt+0xe8/0x3a0\n| sysvec_apic_timer_interrupt+0x97/0xc0\n| \u003c/IRQ\u003e\n\nOn a detected data race, KCSAN\u0027s reporting logic checks if it should\nfilter the report. That list is protected by the report_filterlist_lock\n*non-raw* spinlock which may sleep on RT kernels.\n\nSince KCSAN may report data races in any context, convert it to a\nraw_spinlock.\n\nThis requires being careful about when to allocate memory for the filter\nlist itself which can be done via KCSAN\u0027s debugfs interface. Concurrent\nmodification of the filter list via debugfs should be rare: the chosen\nstrategy is to optimistically pre-allocate memory before the critical\nsection and discard if unused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56610",
"url": "https://www.suse.com/security/cve/CVE-2024-56610"
},
{
"category": "external",
"summary": "SUSE Bug 1235390 for CVE-2024-56610",
"url": "https://bugzilla.suse.com/1235390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56610"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix LED ID check in led_tg_check()\n\nSyzbot has reported the following BUG detected by KASAN:\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70\nRead of size 1 at addr ffff8881022da0c8 by task repro/5879\n...\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x241/0x360\n ? __pfx_dump_stack_lvl+0x10/0x10\n ? __pfx__printk+0x10/0x10\n ? _printk+0xd5/0x120\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n print_report+0x169/0x550\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x45f/0x530\n ? __phys_addr+0xba/0x170\n ? strlen+0x58/0x70\n kasan_report+0x143/0x180\n ? strlen+0x58/0x70\n strlen+0x58/0x70\n kstrdup+0x20/0x80\n led_tg_check+0x18b/0x3c0\n xt_check_target+0x3bb/0xa40\n ? __pfx_xt_check_target+0x10/0x10\n ? stack_depot_save_flags+0x6e4/0x830\n ? nft_target_init+0x174/0xc30\n nft_target_init+0x82d/0xc30\n ? __pfx_nft_target_init+0x10/0x10\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? rcu_is_watching+0x15/0xb0\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? __kmalloc_noprof+0x21a/0x400\n nf_tables_newrule+0x1860/0x2980\n ? __pfx_nf_tables_newrule+0x10/0x10\n ? __nla_parse+0x40/0x60\n nfnetlink_rcv+0x14e5/0x2ab0\n ? __pfx_validate_chain+0x10/0x10\n ? __pfx_nfnetlink_rcv+0x10/0x10\n ? __lock_acquire+0x1384/0x2050\n ? netlink_deliver_tap+0x2e/0x1b0\n ? __pfx_lock_release+0x10/0x10\n ? netlink_deliver_tap+0x2e/0x1b0\n netlink_unicast+0x7f8/0x990\n ? __pfx_netlink_unicast+0x10/0x10\n ? __virt_addr_valid+0x183/0x530\n ? __check_object_size+0x48e/0x900\n netlink_sendmsg+0x8e4/0xcb0\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? aa_sock_msg_perm+0x91/0x160\n ? __pfx_netlink_sendmsg+0x10/0x10\n __sock_sendmsg+0x223/0x270\n ____sys_sendmsg+0x52a/0x7e0\n ? __pfx_____sys_sendmsg+0x10/0x10\n __sys_sendmsg+0x292/0x380\n ? __pfx___sys_sendmsg+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? exc_page_fault+0x590/0x8c0\n ? do_syscall_64+0xb6/0x230\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nSince an invalid (without \u0027\\0\u0027 byte at all) byte sequence may be passed\nfrom userspace, add an extra check to ensure that such a sequence is\nrejected as possible ID and so never passed to \u0027kstrdup()\u0027 and further.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56650",
"url": "https://www.suse.com/security/cve/CVE-2024-56650"
},
{
"category": "external",
"summary": "SUSE Bug 1235430 for CVE-2024-56650",
"url": "https://bugzilla.suse.com/1235430"
},
{
"category": "external",
"summary": "SUSE Bug 1235431 for CVE-2024-56650",
"url": "https://bugzilla.suse.com/1235431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "important"
}
],
"title": "CVE-2024-56650"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog\n\nSyzbot reported [1] crash that happens for following tracing scenario:\n\n - create tracepoint perf event with attr.inherit=1, attach it to the\n process and set bpf program to it\n - attached process forks -\u003e chid creates inherited event\n\n the new child event shares the parent\u0027s bpf program and tp_event\n (hence prog_array) which is global for tracepoint\n\n - exit both process and its child -\u003e release both events\n - first perf_event_detach_bpf_prog call will release tp_event-\u003eprog_array\n and second perf_event_detach_bpf_prog will crash, because\n tp_event-\u003eprog_array is NULL\n\nThe fix makes sure the perf_event_detach_bpf_prog checks prog_array\nis valid before it tries to remove the bpf program from it.\n\n[1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56665",
"url": "https://www.suse.com/security/cve/CVE-2024-56665"
},
{
"category": "external",
"summary": "SUSE Bug 1235489 for CVE-2024-56665",
"url": "https://bugzilla.suse.com/1235489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56665"
},
{
"cve": "CVE-2024-56679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56679",
"url": "https://www.suse.com/security/cve/CVE-2024-56679"
},
{
"category": "external",
"summary": "SUSE Bug 1235498 for CVE-2024-56679",
"url": "https://bugzilla.suse.com/1235498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56679"
},
{
"cve": "CVE-2024-56693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbrd: defer automatic disk creation until module initialization succeeds\n\nMy colleague Wupeng found the following problems during fault injection:\n\nBUG: unable to handle page fault for address: fffffbfff809d073\nPGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:__asan_load8+0x4c/0xa0\n...\nCall Trace:\n \u003cTASK\u003e\n blkdev_put_whole+0x41/0x70\n bdev_release+0x1a3/0x250\n blkdev_release+0x11/0x20\n __fput+0x1d7/0x4a0\n task_work_run+0xfc/0x180\n syscall_exit_to_user_mode+0x1de/0x1f0\n do_syscall_64+0x6b/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nloop_init() is calling loop_add() after __register_blkdev() succeeds and\nis ignoring disk_add() failure from loop_add(), for loop_add() failure\nis not fatal and successfully created disks are already visible to\nbdev_open().\n\nbrd_init() is currently calling brd_alloc() before __register_blkdev()\nsucceeds and is releasing successfully created disks when brd_init()\nreturns an error. This can cause UAF for the latter two case:\n\ncase 1:\n T1:\nmodprobe brd\n brd_init\n brd_alloc(0) // success\n add_disk\n disk_scan_partitions\n bdev_file_open_by_dev // alloc file\n fput // won\u0027t free until back to userspace\n brd_alloc(1) // failed since mem alloc error inject\n // error path for modprobe will release code segment\n // back to userspace\n __fput\n blkdev_release\n bdev_release\n blkdev_put_whole\n bdev-\u003ebd_disk-\u003efops-\u003erelease // fops is freed now, UAF!\n\ncase 2:\n T1: T2:\nmodprobe brd\n brd_init\n brd_alloc(0) // success\n open(/dev/ram0)\n brd_alloc(1) // fail\n // error path for modprobe\n\n close(/dev/ram0)\n ...\n /* UAF! */\n bdev-\u003ebd_disk-\u003efops-\u003erelease\n\nFix this problem by following what loop_init() does. Besides,\nreintroduce brd_devices_mutex to help serialize modifications to\nbrd_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56693",
"url": "https://www.suse.com/security/cve/CVE-2024-56693"
},
{
"category": "external",
"summary": "SUSE Bug 1235418 for CVE-2024-56693",
"url": "https://bugzilla.suse.com/1235418"
},
{
"category": "external",
"summary": "SUSE Bug 1235419 for CVE-2024-56693",
"url": "https://bugzilla.suse.com/1235419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "important"
}
],
"title": "CVE-2024-56693"
},
{
"cve": "CVE-2024-56707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c\n\nAdd error pointer checks after calling otx2_mbox_get_rsp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56707",
"url": "https://www.suse.com/security/cve/CVE-2024-56707"
},
{
"category": "external",
"summary": "SUSE Bug 1235545 for CVE-2024-56707",
"url": "https://bugzilla.suse.com/1235545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56707"
},
{
"cve": "CVE-2024-56715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: Fix netdev notifier unregister on failure\n\nIf register_netdev() fails, then the driver leaks the netdev notifier.\nFix this by calling ionic_lif_unregister() on register_netdev()\nfailure. This will also call ionic_lif_unregister_phc() if it has\nalready been registered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56715",
"url": "https://www.suse.com/security/cve/CVE-2024-56715"
},
{
"category": "external",
"summary": "SUSE Bug 1235612 for CVE-2024-56715",
"url": "https://bugzilla.suse.com/1235612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56715"
},
{
"cve": "CVE-2024-56725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56725",
"url": "https://www.suse.com/security/cve/CVE-2024-56725"
},
{
"category": "external",
"summary": "SUSE Bug 1235578 for CVE-2024-56725",
"url": "https://bugzilla.suse.com/1235578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56725"
},
{
"cve": "CVE-2024-56726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56726",
"url": "https://www.suse.com/security/cve/CVE-2024-56726"
},
{
"category": "external",
"summary": "SUSE Bug 1235582 for CVE-2024-56726",
"url": "https://bugzilla.suse.com/1235582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56726"
},
{
"cve": "CVE-2024-56727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c\n\nAdding error pointer check after calling otx2_mbox_get_rsp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56727",
"url": "https://www.suse.com/security/cve/CVE-2024-56727"
},
{
"category": "external",
"summary": "SUSE Bug 1235583 for CVE-2024-56727",
"url": "https://bugzilla.suse.com/1235583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56727"
},
{
"cve": "CVE-2024-56728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56728",
"url": "https://www.suse.com/security/cve/CVE-2024-56728"
},
{
"category": "external",
"summary": "SUSE Bug 1235656 for CVE-2024-56728",
"url": "https://bugzilla.suse.com/1235656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56728"
},
{
"cve": "CVE-2024-56763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Prevent bad count for tracing_cpumask_write\n\nIf a large count is provided, it will trigger a warning in bitmap_parse_user.\nAlso check zero for it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56763",
"url": "https://www.suse.com/security/cve/CVE-2024-56763"
},
{
"category": "external",
"summary": "SUSE Bug 1235638 for CVE-2024-56763",
"url": "https://bugzilla.suse.com/1235638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-56763"
},
{
"cve": "CVE-2024-57802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: check buffer length before accessing it\n\nSyzkaller reports an uninit value read from ax25cmp when sending raw message\nthrough ieee802154 implementation.\n\n=====================================================\nBUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119\n ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119\n nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601\n nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774\n nr_xmit+0x5a/0x1c0 net/netrom/nr_dev.c:144\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n raw_sendmsg+0x654/0xc10 net/ieee802154/socket.c:299\n ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2780\n sock_alloc_send_skb include/net/sock.h:1884 [inline]\n raw_sendmsg+0x36d/0xc10 net/ieee802154/socket.c:282\n ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 0 PID: 5037 Comm: syz-executor166 Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\n=====================================================\n\nThis issue occurs because the skb buffer is too small, and it\u0027s actual\nallocation is aligned. This hides an actual issue, which is that nr_route_frame\ndoes not validate the buffer size before using it.\n\nFix this issue by checking skb-\u003elen before accessing any fields in skb-\u003edata.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57802",
"url": "https://www.suse.com/security/cve/CVE-2024-57802"
},
{
"category": "external",
"summary": "SUSE Bug 1235941 for CVE-2024-57802",
"url": "https://bugzilla.suse.com/1235941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-57802"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\n\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false. \n\n #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n #2 [ffff80002cb6f990] schedule at ffff800008abc50c\n #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\n\nAt this point, the pgdat contains the following two zones:\n\n NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: \"DMA32\"\n SIZE: 20480 MIN/LOW/HIGH: 11/28/45\n VM_STAT:\n NR_FREE_PAGES: 359\n NR_ZONE_INACTIVE_ANON: 18813\n NR_ZONE_ACTIVE_ANON: 0\n NR_ZONE_INACTIVE_FILE: 50\n NR_ZONE_ACTIVE_FILE: 0\n NR_ZONE_UNEVICTABLE: 0\n NR_ZONE_WRITE_PENDING: 0\n NR_MLOCK: 0\n NR_BOUNCE: 0\n NR_ZSPAGES: 0\n NR_FREE_CMA_PAGES: 0\n\n NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: \"Normal\"\n SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264\n VM_STAT:\n NR_FREE_PAGES: 146\n NR_ZONE_INACTIVE_ANON: 94668\n NR_ZONE_ACTIVE_ANON: 3\n NR_ZONE_INACTIVE_FILE: 735\n NR_ZONE_ACTIVE_FILE: 78\n NR_ZONE_UNEVICTABLE: 0\n NR_ZONE_WRITE_PENDING: 0\n NR_MLOCK: 0\n NR_BOUNCE: 0\n NR_ZSPAGES: 0\n NR_FREE_CMA_PAGES: 0\n\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero. \n\nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\n\n crash\u003e p nr_swap_pages\n nr_swap_pages = $1937 = {\n counter = 0\n }\n\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\n\nThe problem is that the pgdat-\u003ekswapd_failures hasn\u0027t been incremented.\n\n crash\u003e px ((struct pglist_data *) 0xffff00817fffe540)-\u003ekswapd_failures\n $1935 = 0x0\n\nThis is because the node deemed balanced. The node balancing logic in\nbalance_pgdat() evaluates all zones collectively. If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced. This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\n\n\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages). This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable. By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\n\n\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL. This issue arises from\nzone_reclaimable_pages\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57884",
"url": "https://www.suse.com/security/cve/CVE-2024-57884"
},
{
"category": "external",
"summary": "SUSE Bug 1235948 for CVE-2024-57884",
"url": "https://bugzilla.suse.com/1235948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-57884"
},
{
"cve": "CVE-2024-57917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntopology: Keep the cpumask unchanged when printing cpumap\n\nDuring fuzz testing, the following warning was discovered:\n\n different return values (15 and 11) from vsnprintf(\"%*pbl\n \", ...)\n\n test:keyward is WARNING in kvasprintf\n WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130\n Call Trace:\n kvasprintf+0x121/0x130\n kasprintf+0xa6/0xe0\n bitmap_print_to_buf+0x89/0x100\n core_siblings_list_read+0x7e/0xb0\n kernfs_file_read_iter+0x15b/0x270\n new_sync_read+0x153/0x260\n vfs_read+0x215/0x290\n ksys_read+0xb9/0x160\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe call trace shows that kvasprintf() reported this warning during the\nprinting of core_siblings_list. kvasprintf() has several steps:\n\n (1) First, calculate the length of the resulting formatted string.\n\n (2) Allocate a buffer based on the returned length.\n\n (3) Then, perform the actual string formatting.\n\n (4) Check whether the lengths of the formatted strings returned in\n steps (1) and (2) are consistent.\n\nIf the core_cpumask is modified between steps (1) and (3), the lengths\nobtained in these two steps may not match. Indeed our test includes cpu\nhotplugging, which should modify core_cpumask while printing.\n\nTo fix this issue, cache the cpumask into a temporary variable before\ncalling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged\nduring the printing process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57917",
"url": "https://www.suse.com/security/cve/CVE-2024-57917"
},
{
"category": "external",
"summary": "SUSE Bug 1236127 for CVE-2024-57917",
"url": "https://bugzilla.suse.com/1236127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-57917"
},
{
"cve": "CVE-2024-57931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: ignore unknown extended permissions\n\nWhen evaluating extended permissions, ignore unknown permissions instead\nof calling BUG(). This commit ensures that future permissions can be\nadded without interfering with older kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57931",
"url": "https://www.suse.com/security/cve/CVE-2024-57931"
},
{
"category": "external",
"summary": "SUSE Bug 1236192 for CVE-2024-57931",
"url": "https://bugzilla.suse.com/1236192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-57931"
},
{
"cve": "CVE-2024-57938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sctp: Prevent autoclose integer overflow in sctp_association_init()\n\nWhile by default max_autoclose equals to INT_MAX / HZ, one may set\nnet.sctp.max_autoclose to UINT_MAX. There is code in\nsctp_association_init() that can consequently trigger overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57938",
"url": "https://www.suse.com/security/cve/CVE-2024-57938"
},
{
"category": "external",
"summary": "SUSE Bug 1236182 for CVE-2024-57938",
"url": "https://bugzilla.suse.com/1236182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-57938"
},
{
"cve": "CVE-2024-57946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: don\u0027t keep queue frozen during system suspend\n\nCommit 4ce6e2db00de (\"virtio-blk: Ensure no requests in virtqueues before\ndeleting vqs.\") replaces queue quiesce with queue freeze in virtio-blk\u0027s\nPM callbacks. And the motivation is to drain inflight IOs before suspending.\n\nblock layer\u0027s queue freeze looks very handy, but it is also easy to cause\ndeadlock, such as, any attempt to call into bio_queue_enter() may run into\ndeadlock if the queue is frozen in current context. There are all kinds\nof -\u003esuspend() called in suspend context, so keeping queue frozen in the\nwhole suspend context isn\u0027t one good idea. And Marek reported lockdep\nwarning[1] caused by virtio-blk\u0027s freeze queue in virtblk_freeze().\n\n[1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/\n\nGiven the motivation is to drain in-flight IOs, it can be done by calling\nfreeze \u0026 unfreeze, meantime restore to previous behavior by keeping queue\nquiesced during suspend.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57946",
"url": "https://www.suse.com/security/cve/CVE-2024-57946"
},
{
"category": "external",
"summary": "SUSE Bug 1236247 for CVE-2024-57946",
"url": "https://bugzilla.suse.com/1236247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-57946"
},
{
"cve": "CVE-2025-21652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Fix use-after-free in ipvlan_get_iflink().\n\nsyzbot presented an use-after-free report [0] regarding ipvlan and\nlinkwatch.\n\nipvlan does not hold a refcnt of the lower device unlike vlan and\nmacvlan.\n\nIf the linkwatch work is triggered for the ipvlan dev, the lower dev\nmight have already been freed, resulting in UAF of ipvlan-\u003ephy_dev in\nipvlan_get_iflink().\n\nWe can delay the lower dev unregistration like vlan and macvlan by\nholding the lower dev\u0027s refcnt in dev-\u003enetdev_ops-\u003endo_init() and\nreleasing it in dev-\u003epriv_destructor().\n\nJakub pointed out calling .ndo_XXX after unregister_netdevice() has\nreturned is error prone and suggested [1] addressing this UAF in the\ncore by taking commit 750e51603395 (\"net: avoid potential UAF in\ndefault_operstate()\") further.\n\nLet\u0027s assume unregistering devices DOWN and use RCU protection in\ndefault_operstate() not to race with the device unregistration.\n\n[0]:\nBUG: KASAN: slab-use-after-free in ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353\nRead of size 4 at addr ffff0000d768c0e0 by task kworker/u8:35/6944\n\nCPU: 0 UID: 0 PID: 6944 Comm: kworker/u8:35 Not tainted 6.13.0-rc2-g9bc5c9515b48 #12 4c3cb9e8b4565456f6a355f312ff91f4f29b3c47\nHardware name: linux,dummy-virt (DT)\nWorkqueue: events_unbound linkwatch_event\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:484 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load4_noabort+0x20/0x30 mm/kasan/report_generic.c:380\n ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353\n dev_get_iflink+0x7c/0xd8 net/core/dev.c:674\n default_operstate net/core/link_watch.c:45 [inline]\n rfc2863_policy+0x144/0x360 net/core/link_watch.c:72\n linkwatch_do_dev+0x60/0x228 net/core/link_watch.c:175\n __linkwatch_run_queue+0x2f4/0x5b8 net/core/link_watch.c:239\n linkwatch_event+0x64/0xa8 net/core/link_watch.c:282\n process_one_work+0x700/0x1398 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x8c4/0xe10 kernel/workqueue.c:3391\n kthread+0x2b0/0x360 kernel/kthread.c:389\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862\n\nAllocated by task 9303:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4283 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4289\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:650\n alloc_netdev_mqs+0xb4/0x1118 net/core/dev.c:11209\n rtnl_create_link+0x2b8/0xb60 net/core/rtnetlink.c:3595\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3771\n __rtnl_newlink net/core/rtnetlink.c:3896 [inline]\n rtnl_newlink+0x122c/0x15c0 net/core/rtnetlink.c:4011\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6901\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6928\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg net/socket.c:726 [inline]\n __sys_sendto+0x2ec/0x438 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __arm64_sys_sendto+0xe4/0x110 net/socket.c:2200\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21652",
"url": "https://www.suse.com/security/cve/CVE-2025-21652"
},
{
"category": "external",
"summary": "SUSE Bug 1236160 for CVE-2025-21652",
"url": "https://bugzilla.suse.com/1236160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21652"
},
{
"cve": "CVE-2025-21653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute\n\nsyzbot found that TCA_FLOW_RSHIFT attribute was not validated.\nRight shitfing a 32bit integer is undefined for large shift values.\n\nUBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23\nshift exponent 9445 is too large for 32-bit type \u0027u32\u0027 (aka \u0027unsigned int\u0027)\nCPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: ipv6_addrconf addrconf_dad_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468\n flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329\n tc_classify include/net/tc_wrapper.h:197 [inline]\n __tcf_classify net/sched/cls_api.c:1771 [inline]\n tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867\n sfb_classify net/sched/sch_sfb.c:260 [inline]\n sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318\n dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793\n __dev_xmit_skb net/core/dev.c:3889 [inline]\n __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_hh_output include/net/neighbour.h:523 [inline]\n neigh_output include/net/neighbour.h:537 [inline]\n ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82\n udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173\n geneve_xmit_skb drivers/net/geneve.c:916 [inline]\n geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606\n __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21653",
"url": "https://www.suse.com/security/cve/CVE-2025-21653"
},
{
"category": "external",
"summary": "SUSE Bug 1236161 for CVE-2025-21653",
"url": "https://bugzilla.suse.com/1236161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21653"
},
{
"cve": "CVE-2025-21655",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21655"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/eventfd: ensure io_eventfd_signal() defers another RCU period\n\nio_eventfd_do_signal() is invoked from an RCU callback, but when\ndropping the reference to the io_ev_fd, it calls io_eventfd_free()\ndirectly if the refcount drops to zero. This isn\u0027t correct, as any\npotential freeing of the io_ev_fd should be deferred another RCU grace\nperiod.\n\nJust call io_eventfd_put() rather than open-code the dec-and-test and\nfree, which will correctly defer it another RCU grace period.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21655",
"url": "https://www.suse.com/security/cve/CVE-2025-21655"
},
{
"category": "external",
"summary": "SUSE Bug 1236163 for CVE-2025-21655",
"url": "https://bugzilla.suse.com/1236163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21655"
},
{
"cve": "CVE-2025-21663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: dwmac-tegra: Read iommu stream id from device tree\n\nNvidia\u0027s Tegra MGBE controllers require the IOMMU \"Stream ID\" (SID) to be\nwritten to the MGBE_WRAP_AXI_ASID0_CTRL register.\n\nThe current driver is hard coded to use MGBE0\u0027s SID for all controllers.\nThis causes softirq time outs and kernel panics when using controllers\nother than MGBE0.\n\nExample dmesg errors when an ethernet cable is connected to MGBE1:\n\n[ 116.133290] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx\n[ 121.851283] tegra-mgbe 6910000.ethernet eth1: NETDEV WATCHDOG: CPU: 5: transmit queue 0 timed out 5690 ms\n[ 121.851782] tegra-mgbe 6910000.ethernet eth1: Reset adapter.\n[ 121.892464] tegra-mgbe 6910000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0\n[ 121.905920] tegra-mgbe 6910000.ethernet eth1: PHY [stmmac-1:00] driver [Aquantia AQR113] (irq=171)\n[ 121.907356] tegra-mgbe 6910000.ethernet eth1: Enabling Safety Features\n[ 121.907578] tegra-mgbe 6910000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported\n[ 121.908399] tegra-mgbe 6910000.ethernet eth1: registered PTP clock\n[ 121.908582] tegra-mgbe 6910000.ethernet eth1: configuring for phy/10gbase-r link mode\n[ 125.961292] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx\n[ 181.921198] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:\n[ 181.921404] rcu: \t7-....: (1 GPs behind) idle=540c/1/0x4000000000000002 softirq=1748/1749 fqs=2337\n[ 181.921684] rcu: \t(detected by 4, t=6002 jiffies, g=1357, q=1254 ncpus=8)\n[ 181.921878] Sending NMI from CPU 4 to CPUs 7:\n[ 181.921886] NMI backtrace for cpu 7\n[ 181.922131] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Kdump: loaded Not tainted 6.13.0-rc3+ #6\n[ 181.922390] Hardware name: NVIDIA CTI Forge + Orin AGX/Jetson, BIOS 202402.1-Unknown 10/28/2024\n[ 181.922658] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 181.922847] pc : handle_softirqs+0x98/0x368\n[ 181.922978] lr : __do_softirq+0x18/0x20\n[ 181.923095] sp : ffff80008003bf50\n[ 181.923189] x29: ffff80008003bf50 x28: 0000000000000008 x27: 0000000000000000\n[ 181.923379] x26: ffffce78ea277000 x25: 0000000000000000 x24: 0000001c61befda0\n[ 181.924486] x23: 0000000060400009 x22: ffffce78e99918bc x21: ffff80008018bd70\n[ 181.925568] x20: ffffce78e8bb00d8 x19: ffff80008018bc20 x18: 0000000000000000\n[ 181.926655] x17: ffff318ebe7d3000 x16: ffff800080038000 x15: 0000000000000000\n[ 181.931455] x14: ffff000080816680 x13: ffff318ebe7d3000 x12: 000000003464d91d\n[ 181.938628] x11: 0000000000000040 x10: ffff000080165a70 x9 : ffffce78e8bb0160\n[ 181.945804] x8 : ffff8000827b3160 x7 : f9157b241586f343 x6 : eeb6502a01c81c74\n[ 181.953068] x5 : a4acfcdd2e8096bb x4 : ffffce78ea277340 x3 : 00000000ffffd1e1\n[ 181.960329] x2 : 0000000000000101 x1 : ffffce78ea277340 x0 : ffff318ebe7d3000\n[ 181.967591] Call trace:\n[ 181.970043] handle_softirqs+0x98/0x368 (P)\n[ 181.974240] __do_softirq+0x18/0x20\n[ 181.977743] ____do_softirq+0x14/0x28\n[ 181.981415] call_on_irq_stack+0x24/0x30\n[ 181.985180] do_softirq_own_stack+0x20/0x30\n[ 181.989379] __irq_exit_rcu+0x114/0x140\n[ 181.993142] irq_exit_rcu+0x14/0x28\n[ 181.996816] el1_interrupt+0x44/0xb8\n[ 182.000316] el1h_64_irq_handler+0x14/0x20\n[ 182.004343] el1h_64_irq+0x80/0x88\n[ 182.007755] cpuidle_enter_state+0xc4/0x4a8 (P)\n[ 182.012305] cpuidle_enter+0x3c/0x58\n[ 182.015980] cpuidle_idle_call+0x128/0x1c0\n[ 182.020005] do_idle+0xe0/0xf0\n[ 182.023155] cpu_startup_entry+0x3c/0x48\n[ 182.026917] secondary_start_kernel+0xdc/0x120\n[ 182.031379] __secondary_switched+0x74/0x78\n[ 212.971162] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 7-.... } 6103 jiffies s: 417 root: 0x80/.\n[ 212.985935] rcu: blocking rcu_node structures (internal RCU debug):\n[ 212.992758] Sending NMI from CPU 0 to CPUs 7:\n[ 212.998539] NMI backtrace for cpu 7\n[ 213.004304] CPU: 7 UID: 0 PI\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21663",
"url": "https://www.suse.com/security/cve/CVE-2025-21663"
},
{
"category": "external",
"summary": "SUSE Bug 1236260 for CVE-2025-21663",
"url": "https://bugzilla.suse.com/1236260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21663"
},
{
"cve": "CVE-2025-21664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: make get_first_thin use rcu-safe list first function\n\nThe documentation in rculist.h explains the absence of list_empty_rcu()\nand cautions programmers against relying on a list_empty() -\u003e\nlist_first() sequence in RCU safe code. This is because each of these\nfunctions performs its own READ_ONCE() of the list head. This can lead\nto a situation where the list_empty() sees a valid list entry, but the\nsubsequent list_first() sees a different view of list head state after a\nmodification.\n\nIn the case of dm-thin, this author had a production box crash from a GP\nfault in the process_deferred_bios path. This function saw a valid list\nhead in get_first_thin() but when it subsequently dereferenced that and\nturned it into a thin_c, it got the inside of the struct pool, since the\nlist was now empty and referring to itself. The kernel on which this\noccurred printed both a warning about a refcount_t being saturated, and\na UBSAN error for an out-of-bounds cpuid access in the queued spinlock,\nprior to the fault itself. When the resulting kdump was examined, it\nwas possible to see another thread patiently waiting in thin_dtr\u0027s\nsynchronize_rcu.\n\nThe thin_dtr call managed to pull the thin_c out of the active thins\nlist (and have it be the last entry in the active_thins list) at just\nthe wrong moment which lead to this crash.\n\nFortunately, the fix here is straight forward. Switch get_first_thin()\nfunction to use list_first_or_null_rcu() which performs just a single\nREAD_ONCE() and returns NULL if the list is already empty.\n\nThis was run against the devicemapper test suite\u0027s thin-provisioning\nsuites for delete and suspend and no regressions were observed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21664",
"url": "https://www.suse.com/security/cve/CVE-2025-21664"
},
{
"category": "external",
"summary": "SUSE Bug 1236262 for CVE-2025-21664",
"url": "https://bugzilla.suse.com/1236262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21664"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel\n\nAttempt to enable IPsec packet offload in tunnel mode in debug kernel\ngenerates the following kernel panic, which is happening due to two\nissues:\n1. In SA add section, the should be _bh() variant when marking SA mode.\n2. There is not needed flush_workqueue in SA delete routine. It is not\nneeded as at this stage as it is removed from SADB and the running work\nwill be canceled later in SA free.\n\n =====================================================\n WARNING: SOFTIRQ-safe -\u003e SOFTIRQ-unsafe lock order detected\n 6.12.0+ #4 Not tainted\n -----------------------------------------------------\n charon/1337 [HC0[0]:SC0[4]:HE1:SE0] is trying to acquire:\n ffff88810f365020 (\u0026xa-\u003exa_lock#24){+.+.}-{3:3}, at: mlx5e_xfrm_del_state+0xca/0x1e0 [mlx5_core]\n\n and this task is already holding:\n ffff88813e0f0d48 (\u0026x-\u003elock){+.-.}-{3:3}, at: xfrm_state_delete+0x16/0x30\n which would create a new lock dependency:\n (\u0026x-\u003elock){+.-.}-{3:3} -\u003e (\u0026xa-\u003exa_lock#24){+.+.}-{3:3}\n\n but this new dependency connects a SOFTIRQ-irq-safe lock:\n (\u0026x-\u003elock){+.-.}-{3:3}\n\n ... which became SOFTIRQ-irq-safe at:\n lock_acquire+0x1be/0x520\n _raw_spin_lock_bh+0x34/0x40\n xfrm_timer_handler+0x91/0xd70\n __hrtimer_run_queues+0x1dd/0xa60\n hrtimer_run_softirq+0x146/0x2e0\n handle_softirqs+0x266/0x860\n irq_exit_rcu+0x115/0x1a0\n sysvec_apic_timer_interrupt+0x6e/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n default_idle+0x13/0x20\n default_idle_call+0x67/0xa0\n do_idle+0x2da/0x320\n cpu_startup_entry+0x50/0x60\n start_secondary+0x213/0x2a0\n common_startup_64+0x129/0x138\n\n to a SOFTIRQ-irq-unsafe lock:\n (\u0026xa-\u003exa_lock#24){+.+.}-{3:3}\n\n ... which became SOFTIRQ-irq-unsafe at:\n ...\n lock_acquire+0x1be/0x520\n _raw_spin_lock+0x2c/0x40\n xa_set_mark+0x70/0x110\n mlx5e_xfrm_add_state+0xe48/0x2290 [mlx5_core]\n xfrm_dev_state_add+0x3bb/0xd70\n xfrm_add_sa+0x2451/0x4a90\n xfrm_user_rcv_msg+0x493/0x880\n netlink_rcv_skb+0x12e/0x380\n xfrm_netlink_rcv+0x6d/0x90\n netlink_unicast+0x42f/0x740\n netlink_sendmsg+0x745/0xbe0\n __sock_sendmsg+0xc5/0x190\n __sys_sendto+0x1fe/0x2c0\n __x64_sys_sendto+0xdc/0x1b0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n other info that might help us debug this:\n\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026xa-\u003exa_lock#24);\n local_irq_disable();\n lock(\u0026x-\u003elock);\n lock(\u0026xa-\u003exa_lock#24);\n \u003cInterrupt\u003e\n lock(\u0026x-\u003elock);\n\n *** DEADLOCK ***\n\n 2 locks held by charon/1337:\n #0: ffffffff87f8f858 (\u0026net-\u003exfrm.xfrm_cfg_mutex){+.+.}-{4:4}, at: xfrm_netlink_rcv+0x5e/0x90\n #1: ffff88813e0f0d48 (\u0026x-\u003elock){+.-.}-{3:3}, at: xfrm_state_delete+0x16/0x30\n\n the dependencies between SOFTIRQ-irq-safe lock and the holding lock:\n -\u003e (\u0026x-\u003elock){+.-.}-{3:3} ops: 29 {\n HARDIRQ-ON-W at:\n lock_acquire+0x1be/0x520\n _raw_spin_lock_bh+0x34/0x40\n xfrm_alloc_spi+0xc0/0xe60\n xfrm_alloc_userspi+0x5f6/0xbc0\n xfrm_user_rcv_msg+0x493/0x880\n netlink_rcv_skb+0x12e/0x380\n xfrm_netlink_rcv+0x6d/0x90\n netlink_unicast+0x42f/0x740\n netlink_sendmsg+0x745/0xbe0\n __sock_sendmsg+0xc5/0x190\n __sys_sendto+0x1fe/0x2c0\n __x64_sys_sendto+0xdc/0x1b0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n IN-SOFTIRQ-W at:\n lock_acquire+0x1be/0x520\n _raw_spin_lock_bh+0x34/0x40\n xfrm_timer_handler+0x91/0xd70\n __hrtimer_run_queues+0x1dd/0xa60\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21674",
"url": "https://www.suse.com/security/cve/CVE-2025-21674"
},
{
"category": "external",
"summary": "SUSE Bug 1236688 for CVE-2025-21674",
"url": "https://bugzilla.suse.com/1236688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21674"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: handle page_pool_dev_alloc_pages error\n\nThe fec_enet_update_cbd function calls page_pool_dev_alloc_pages but did\nnot handle the case when it returned NULL. There was a WARN_ON(!new_page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis case does seem somewhat rare but when the system is under memory\npressure it can happen. One case where I can duplicate this with some\nfrequency is when writing over a smbd share to a SATA HDD attached to an\nimx6q.\n\nSetting /proc/sys/vm/min_free_kbytes to higher values also seems to solve\nthe problem for my test case. But it still seems wrong that the fec driver\nignores the memory allocation error and can crash.\n\nThis commit handles the allocation error by dropping the current packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21676",
"url": "https://www.suse.com/security/cve/CVE-2025-21676"
},
{
"category": "external",
"summary": "SUSE Bug 1236696 for CVE-2025-21676",
"url": "https://bugzilla.suse.com/1236696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21676"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21682"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: always recalculate features after XDP clearing, fix null-deref\n\nRecalculate features when XDP is detached.\n\nBefore:\n # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp\n # ip li set dev eth0 xdp off\n # ethtool -k eth0 | grep gro\n rx-gro-hw: off [requested on]\n\nAfter:\n # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp\n # ip li set dev eth0 xdp off\n # ethtool -k eth0 | grep gro\n rx-gro-hw: on\n\nThe fact that HW-GRO doesn\u0027t get re-enabled automatically is just\na minor annoyance. The real issue is that the features will randomly\ncome back during another reconfiguration which just happens to invoke\nnetdev_update_features(). The driver doesn\u0027t handle reconfiguring\ntwo things at a time very robustly.\n\nStarting with commit 98ba1d931f61 (\"bnxt_en: Fix RSS logic in\n__bnxt_reserve_rings()\") we only reconfigure the RSS hash table\nif the \"effective\" number of Rx rings has changed. If HW-GRO is\nenabled \"effective\" number of rings is 2x what user sees.\nSo if we are in the bad state, with HW-GRO re-enablement \"pending\"\nafter XDP off, and we lower the rings by / 2 - the HW-GRO rings\ndoing 2x and the ethtool -L doing / 2 may cancel each other out,\nand the:\n\n if (old_rx_rings != bp-\u003ehw_resc.resv_rx_rings \u0026\u0026\n\ncondition in __bnxt_reserve_rings() will be false.\nThe RSS map won\u0027t get updated, and we\u0027ll crash with:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000168\n RIP: 0010:__bnxt_hwrm_vnic_set_rss+0x13a/0x1a0\n bnxt_hwrm_vnic_rss_cfg_p5+0x47/0x180\n __bnxt_setup_vnic_p5+0x58/0x110\n bnxt_init_nic+0xb72/0xf50\n __bnxt_open_nic+0x40d/0xab0\n bnxt_open_nic+0x2b/0x60\n ethtool_set_channels+0x18c/0x1d0\n\nAs we try to access a freed ring.\n\nThe issue is present since XDP support was added, really, but\nprior to commit 98ba1d931f61 (\"bnxt_en: Fix RSS logic in\n__bnxt_reserve_rings()\") it wasn\u0027t causing major issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21682",
"url": "https://www.suse.com/security/cve/CVE-2025-21682"
},
{
"category": "external",
"summary": "SUSE Bug 1236703 for CVE-2025-21682",
"url": "https://bugzilla.suse.com/1236703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.15.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.15.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-17T13:26:35Z",
"details": "moderate"
}
],
"title": "CVE-2025-21682"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…