suse-su-2025:0867-1
Vulnerability from csaf_suse
Published: 2025-03-14 09:55
Modified: 2025-03-14 09:55
Summary: Security update for the Linux Kernel
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus -revert (bsc#1237160).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Reduce readdir stack usage (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
Patchnames: SUSE-2025-867,SUSE-SUSE-MicroOS-5.1-2025-867,SUSE-SUSE-MicroOS-5.2-2025-867
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel", "title": "Title of the patch" }, { "category": "description", "text": "The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).\n- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).\n- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).\n- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).\n- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).\n- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).\n- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).\n- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).\n- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).\n- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).\n- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).\n- CVE-2024-57798: drm/dp_mst: Ensure mst_primary 
pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).\n- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).\n- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).\n- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).\n\nThe following non-security bugs were fixed:\n\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).\n- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).\n- NFS: Improve heuristic for readdirplus -revert (bsc#1237160).\n- NFS: Improve heuristic for readdirplus (bsc#1231847).\n- NFS: Reduce readdir stack usage (bsc#1231847).\n- NFS: Trigger the \u0027ls -l\u0027 readdir heuristic sooner (bsc#1231847).\n- NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847).\n- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).\n\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-867,SUSE-SUSE-MicroOS-5.1-2025-867,SUSE-SUSE-MicroOS-5.2-2025-867", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": 
"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0867-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:0867-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250867-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:0867-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020514.html" }, { "category": "self", "summary": "SUSE Bug 1215420", "url": "https://bugzilla.suse.com/1215420" }, { "category": "self", "summary": "SUSE Bug 1224700", "url": "https://bugzilla.suse.com/1224700" }, { "category": "self", "summary": "SUSE Bug 1224763", "url": "https://bugzilla.suse.com/1224763" }, { "category": "self", "summary": "SUSE Bug 1225742", "url": "https://bugzilla.suse.com/1225742" }, { "category": "self", "summary": "SUSE Bug 1231847", "url": "https://bugzilla.suse.com/1231847" }, { "category": "self", "summary": "SUSE Bug 1232919", "url": "https://bugzilla.suse.com/1232919" }, { "category": "self", "summary": "SUSE Bug 1233112", "url": "https://bugzilla.suse.com/1233112" }, { "category": "self", "summary": "SUSE Bug 1234025", "url": "https://bugzilla.suse.com/1234025" }, { "category": "self", "summary": "SUSE Bug 1234853", "url": "https://bugzilla.suse.com/1234853" }, { "category": "self", "summary": "SUSE Bug 1234891", "url": "https://bugzilla.suse.com/1234891" }, { "category": "self", "summary": "SUSE Bug 1234963", "url": "https://bugzilla.suse.com/1234963" }, { "category": "self", "summary": "SUSE Bug 1235054", "url": "https://bugzilla.suse.com/1235054" }, { "category": "self", "summary": "SUSE Bug 1235061", "url": "https://bugzilla.suse.com/1235061" }, { "category": "self", "summary": "SUSE Bug 1235073", "url": "https://bugzilla.suse.com/1235073" }, { "category": "self", "summary": "SUSE Bug 1235217", "url": "https://bugzilla.suse.com/1235217" }, { "category": "self", "summary": "SUSE Bug 1235230", "url": "https://bugzilla.suse.com/1235230" }, { "category": "self", 
"summary": "SUSE Bug 1235249", "url": "https://bugzilla.suse.com/1235249" }, { "category": "self", "summary": "SUSE Bug 1235430", "url": "https://bugzilla.suse.com/1235430" }, { "category": "self", "summary": "SUSE Bug 1235441", "url": "https://bugzilla.suse.com/1235441" }, { "category": "self", "summary": "SUSE Bug 1235466", "url": "https://bugzilla.suse.com/1235466" }, { "category": "self", "summary": "SUSE Bug 1235645", "url": "https://bugzilla.suse.com/1235645" }, { "category": "self", "summary": "SUSE Bug 1235759", "url": "https://bugzilla.suse.com/1235759" }, { "category": "self", "summary": "SUSE Bug 1235814", "url": "https://bugzilla.suse.com/1235814" }, { "category": "self", "summary": "SUSE Bug 1235818", "url": "https://bugzilla.suse.com/1235818" }, { "category": "self", "summary": "SUSE Bug 1235920", "url": "https://bugzilla.suse.com/1235920" }, { "category": "self", "summary": "SUSE Bug 1236104", "url": "https://bugzilla.suse.com/1236104" }, { "category": "self", "summary": "SUSE Bug 1236757", "url": "https://bugzilla.suse.com/1236757" }, { "category": "self", "summary": "SUSE Bug 1236761", "url": "https://bugzilla.suse.com/1236761" }, { "category": "self", "summary": "SUSE Bug 1236821", "url": "https://bugzilla.suse.com/1236821" }, { "category": "self", "summary": "SUSE Bug 1237025", "url": "https://bugzilla.suse.com/1237025" }, { "category": "self", "summary": "SUSE Bug 1237028", "url": "https://bugzilla.suse.com/1237028" }, { "category": "self", "summary": "SUSE Bug 1237139", "url": "https://bugzilla.suse.com/1237139" }, { "category": "self", "summary": "SUSE Bug 1237160", "url": "https://bugzilla.suse.com/1237160" }, { "category": "self", "summary": "SUSE Bug 1237389", "url": "https://bugzilla.suse.com/1237389" }, { "category": "self", "summary": "SUSE Bug 1237768", "url": "https://bugzilla.suse.com/1237768" }, { "category": "self", "summary": "SUSE Bug 1238033", "url": "https://bugzilla.suse.com/1238033" }, { "category": "self", "summary": "SUSE 
CVE CVE-2021-47633 page", "url": "https://www.suse.com/security/cve/CVE-2021-47633/" }, { "category": "self", "summary": "SUSE CVE CVE-2022-49080 page", "url": "https://www.suse.com/security/cve/CVE-2022-49080/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-4244 page", "url": "https://www.suse.com/security/cve/CVE-2023-4244/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-52923 page", "url": "https://www.suse.com/security/cve/CVE-2023-52923/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-52924 page", "url": "https://www.suse.com/security/cve/CVE-2023-52924/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-35863 page", "url": "https://www.suse.com/security/cve/CVE-2024-35863/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-35949 page", "url": "https://www.suse.com/security/cve/CVE-2024-35949/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-50115 page", "url": "https://www.suse.com/security/cve/CVE-2024-50115/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-50199 page", "url": "https://www.suse.com/security/cve/CVE-2024-50199/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53104 page", "url": "https://www.suse.com/security/cve/CVE-2024-53104/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53173 page", "url": "https://www.suse.com/security/cve/CVE-2024-53173/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-53239 page", "url": "https://www.suse.com/security/cve/CVE-2024-53239/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56539 page", "url": "https://www.suse.com/security/cve/CVE-2024-56539/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56548 page", "url": "https://www.suse.com/security/cve/CVE-2024-56548/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56600 page", "url": "https://www.suse.com/security/cve/CVE-2024-56600/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56601 page", "url": "https://www.suse.com/security/cve/CVE-2024-56601/" }, { 
"category": "self", "summary": "SUSE CVE CVE-2024-56605 page", "url": "https://www.suse.com/security/cve/CVE-2024-56605/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56623 page", "url": "https://www.suse.com/security/cve/CVE-2024-56623/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56650 page", "url": "https://www.suse.com/security/cve/CVE-2024-56650/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56658 page", "url": "https://www.suse.com/security/cve/CVE-2024-56658/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56664 page", "url": "https://www.suse.com/security/cve/CVE-2024-56664/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-56759 page", "url": "https://www.suse.com/security/cve/CVE-2024-56759/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-57791 page", "url": "https://www.suse.com/security/cve/CVE-2024-57791/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-57798 page", "url": "https://www.suse.com/security/cve/CVE-2024-57798/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-57849 page", "url": "https://www.suse.com/security/cve/CVE-2024-57849/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-57893 page", "url": "https://www.suse.com/security/cve/CVE-2024-57893/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21690 page", "url": "https://www.suse.com/security/cve/CVE-2025-21690/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21692 page", "url": "https://www.suse.com/security/cve/CVE-2025-21692/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-21699 page", "url": "https://www.suse.com/security/cve/CVE-2025-21699/" } ], "title": "Security update for the Linux Kernel", "tracking": { "current_release_date": "2025-03-14T09:55:18Z", "generator": { "date": "2025-03-14T09:55:18Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:0867-1", "initial_release_date": "2025-03-14T09:55:18Z", "revision_history": [ { "date": 
"2025-03-14T09:55:18Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-devel-rt-5.3.18-150300.202.1.noarch", "product": { "name": "kernel-devel-rt-5.3.18-150300.202.1.noarch", "product_id": "kernel-devel-rt-5.3.18-150300.202.1.noarch" } }, { "category": "product_version", "name": "kernel-source-rt-5.3.18-150300.202.1.noarch", "product": { "name": "kernel-source-rt-5.3.18-150300.202.1.noarch", "product_id": "kernel-source-rt-5.3.18-150300.202.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "cluster-md-kmp-rt-5.3.18-150300.202.1.x86_64", "product": { "name": "cluster-md-kmp-rt-5.3.18-150300.202.1.x86_64", "product_id": "cluster-md-kmp-rt-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "cluster-md-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product": { "name": "cluster-md-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product_id": "cluster-md-kmp-rt_debug-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "dlm-kmp-rt-5.3.18-150300.202.1.x86_64", "product": { "name": "dlm-kmp-rt-5.3.18-150300.202.1.x86_64", "product_id": "dlm-kmp-rt-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "dlm-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product": { "name": "dlm-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product_id": "dlm-kmp-rt_debug-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "gfs2-kmp-rt-5.3.18-150300.202.1.x86_64", "product": { "name": "gfs2-kmp-rt-5.3.18-150300.202.1.x86_64", "product_id": "gfs2-kmp-rt-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "gfs2-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product": { "name": "gfs2-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product_id": "gfs2-kmp-rt_debug-5.3.18-150300.202.1.x86_64" } 
}, { "category": "product_version", "name": "kernel-rt-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt-devel-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt-devel-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt-devel-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt-extra-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt-extra-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt-extra-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt-livepatch-devel-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt-livepatch-devel-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt-livepatch-devel-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt-optional-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt-optional-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt-optional-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt_debug-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt_debug-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-devel-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt_debug-devel-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt_debug-devel-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-extra-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt_debug-extra-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt_debug-extra-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.202.1.x86_64", 
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-optional-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-rt_debug-optional-5.3.18-150300.202.1.x86_64", "product_id": "kernel-rt_debug-optional-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kernel-syms-rt-5.3.18-150300.202.1.x86_64", "product": { "name": "kernel-syms-rt-5.3.18-150300.202.1.x86_64", "product_id": "kernel-syms-rt-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kselftests-kmp-rt-5.3.18-150300.202.1.x86_64", "product": { "name": "kselftests-kmp-rt-5.3.18-150300.202.1.x86_64", "product_id": "kselftests-kmp-rt-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "kselftests-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product": { "name": "kselftests-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product_id": "kselftests-kmp-rt_debug-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "ocfs2-kmp-rt-5.3.18-150300.202.1.x86_64", "product": { "name": "ocfs2-kmp-rt-5.3.18-150300.202.1.x86_64", "product_id": "ocfs2-kmp-rt-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "ocfs2-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product": { "name": "ocfs2-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product_id": "ocfs2-kmp-rt_debug-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "reiserfs-kmp-rt-5.3.18-150300.202.1.x86_64", "product": { "name": "reiserfs-kmp-rt-5.3.18-150300.202.1.x86_64", "product_id": "reiserfs-kmp-rt-5.3.18-150300.202.1.x86_64" } }, { "category": "product_version", "name": "reiserfs-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product": { "name": "reiserfs-kmp-rt_debug-5.3.18-150300.202.1.x86_64", "product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.202.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": 
"SUSE Linux Enterprise Micro 5.1", "product": { "name": "SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.2", "product": { "name": "SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-5.3.18-150300.202.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64" }, "product_reference": "kernel-rt-5.3.18-150300.202.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-source-rt-5.3.18-150300.202.1.noarch as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch" }, "product_reference": "kernel-source-rt-5.3.18-150300.202.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-5.3.18-150300.202.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64" }, "product_reference": "kernel-rt-5.3.18-150300.202.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-source-rt-5.3.18-150300.202.1.noarch as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 
5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" }, "product_reference": "kernel-source-rt-5.3.18-150300.202.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-47633", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-47633" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111\n\nThe bug was found during fuzzing. Stacktrace locates it in\nath5k_eeprom_convert_pcal_info_5111.\nWhen none of the curve is selected in the loop, idx can go\nup to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.\npd = \u0026chinfo[pier].pd_curves[idx];\n\nThere are many OOB writes using pd later in the code. So I\nadded a sanity check for idx. Checks for other loops involving\nAR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not\nused outside the loops.\n\nThe patch is NOT tested with real device.\n\nThe following is the fuzzing report\n\nBUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\nWrite of size 1 at addr ffff8880174a4d60 by task modprobe/214\n\nCPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1\nCall Trace:\n dump_stack+0x76/0xa0\n print_address_description.constprop.0+0x16/0x200\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n __kasan_report.cold+0x37/0x7c\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n kasan_report+0xe/0x20\n ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]\n ath5k_eeprom_init+0x2513/0x6290 [ath5k]\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? usleep_range+0xb8/0x100\n ? apic_timer_interrupt+0xa/0x20\n ? 
ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]\n ath5k_hw_init+0xb60/0x1970 [ath5k]\n ath5k_init_ah+0x6fe/0x2530 [ath5k]\n ? kasprintf+0xa6/0xe0\n ? ath5k_stop+0x140/0x140 [ath5k]\n ? _dev_notice+0xf6/0xf6\n ? apic_timer_interrupt+0xa/0x20\n ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n ? mutex_lock+0x89/0xd0\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n local_pci_probe+0xd3/0x160\n pci_device_probe+0x23f/0x3e0\n ? pci_device_remove+0x280/0x280\n ? pci_device_remove+0x280/0x280\n really_probe+0x209/0x5d0", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2021-47633", "url": "https://www.suse.com/security/cve/CVE-2021-47633" }, { "category": "external", "summary": "SUSE Bug 1237768 for CVE-2021-47633", "url": "https://bugzilla.suse.com/1237768" }, { "category": "external", "summary": "SUSE Bug 1237769 for CVE-2021-47633", "url": "https://bugzilla.suse.com/1237769" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ 
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2021-47633" }, { "cve": "CVE-2022-49080", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-49080" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix mpol_new leak in shared_policy_replace\n\nIf mpol_new is allocated but not used in restart loop, mpol_new will be\nfreed via mpol_put before returning to the caller. But refcnt is not\ninitialized yet, so mpol_put could not do the right things and might\nleak the unused mpol_new. This would happen if mempolicy was updated on\nthe shared shmem file while the sp-\u003elock has been dropped during the\nmemory allocation.\n\nThis issue could be triggered easily with the below code snippet if\nthere are many processes doing the below work at the same time:\n\n shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);\n shm = shmat(shmid, 0, 0);\n loop many times {\n mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);\n mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,\n maxnode, 0);\n }", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2022-49080", "url": 
"https://www.suse.com/security/cve/CVE-2022-49080" }, { "category": "external", "summary": "SUSE Bug 1238033 for CVE-2022-49080", "url": "https://bugzilla.suse.com/1238033" }, { "category": "external", "summary": "SUSE Bug 1238324 for CVE-2022-49080", "url": "https://bugzilla.suse.com/1238324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2022-49080" }, { "cve": "CVE-2023-4244", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-4244" } ], "notes": [ { "category": "general", "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nDue to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit 
3e91b0ebd994635df2346353322ac51ce84ce6d8.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-4244", "url": "https://www.suse.com/security/cve/CVE-2023-4244" }, { "category": "external", "summary": "SUSE Bug 1215420 for CVE-2023-4244", "url": "https://bugzilla.suse.com/1215420" }, { "category": "external", "summary": "SUSE Bug 1215424 for CVE-2023-4244", "url": "https://bugzilla.suse.com/1215424" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2023-4244" }, { "cve": "CVE-2023-52923", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2023-52923" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: adapt set backend to use GC transaction API\n\nUse the GC transaction API to replace the old and buggy gc API and the\nbusy mark approach.\n\nNo set elements are removed from async garbage collection anymore,\ninstead the _DEAD bit is set on so the set element is not visible from\nlookup path anymore. Async GC enqueues transaction work that might be\naborted and retried later.\n\nrbtree and pipapo set backends does not set on the _DEAD bit from the\nsync GC path since this runs in control plane path where mutex is held.\nIn this case, set elements are deactivated, removed and then released\nvia RCU callback, sync GC never fails.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52923", "url": "https://www.suse.com/security/cve/CVE-2023-52923" }, { "category": "external", "summary": "SUSE Bug 1236104 for CVE-2023-52923", "url": "https://bugzilla.suse.com/1236104" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { 
"cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "moderate" } ], "title": "CVE-2023-52923" }, { "cve": "CVE-2023-52924", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-52924" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. 
kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-52924", "url": "https://www.suse.com/security/cve/CVE-2023-52924" }, { "category": "external", "summary": "SUSE Bug 1236821 for CVE-2023-52924", "url": "https://bugzilla.suse.com/1236821" }, { "category": "external", "summary": "SUSE Bug 1244630 for CVE-2023-52924", "url": "https://bugzilla.suse.com/1244630" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise 
Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2023-52924" }, { "cve": "CVE-2024-35863", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-35863" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in is_valid_oplock_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-35863", "url": "https://www.suse.com/security/cve/CVE-2024-35863" }, { "category": "external", "summary": "SUSE Bug 1224763 for CVE-2024-35863", "url": "https://bugzilla.suse.com/1224763" }, { "category": "external", "summary": "SUSE Bug 1225011 for CVE-2024-35863", "url": "https://bugzilla.suse.com/1225011" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", 
"product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-35863" }, { "cve": "CVE-2024-35949", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-35949" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\u0027t set on the leaf, and then the\nextended leaf checks don\u0027t get run which we rely on to validate all of\nthe item pointers to make sure we don\u0027t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and 
thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking. This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n [2.621] Call Trace:\n [2.621] \u003cTASK\u003e\n [2.621] ? show_regs+0x74/0x80\n [2.621] ? die_addr+0x46/0xc0\n [2.621] ? exc_general_protection+0x161/0x2a0\n [2.621] ? asm_exc_general_protection+0x26/0x30\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? btrfs_get_16+0x34b/0x6d0\n [2.621] ? 
btrfs_get_16+0x33a/0x6d0\n [2.621] ? __pfx_btrfs_get_16+0x10/0x10\n [2.621] ? __pfx_mutex_unlock+0x10/0x10\n [2.621] btrfs_match_dir_item_name+0x101/0x1a0\n [2.621] btrfs_lookup_dir_item+0x1f3/0x280\n [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n [2.621] btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-35949", "url": "https://www.suse.com/security/cve/CVE-2024-35949" }, { "category": "external", "summary": "SUSE Bug 1224700 for CVE-2024-35949", "url": "https://bugzilla.suse.com/1224700" }, { "category": "external", "summary": "SUSE Bug 1229273 for CVE-2024-35949", "url": "https://bugzilla.suse.com/1229273" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux 
Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-35949" }, { "cve": "CVE-2024-50115", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-50115" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-50115", "url": "https://www.suse.com/security/cve/CVE-2024-50115" }, { "category": "external", "summary": "SUSE Bug 1225742 for CVE-2024-50115", "url": "https://bugzilla.suse.com/1225742" }, { "category": "external", "summary": "SUSE Bug 1232919 for CVE-2024-50115", "url": 
"https://bugzilla.suse.com/1232919" }, { "category": "external", "summary": "SUSE Bug 1233019 for CVE-2024-50115", "url": "https://bugzilla.suse.com/1233019" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-50115" }, { "cve": "CVE-2024-50199", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-50199" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swapfile: skip HugeTLB pages for unuse_vma\n\nI got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The\nproblem can be reproduced by the following steps:\n\n 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory.\n 2. Swapout the above anonymous memory.\n 3. 
run swapoff and we will get a bad pud error in kernel message:\n\n mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7)\n\nWe can tell that pud_clear_bad is called by pud_none_or_clear_bad in\nunuse_pud_range() by ftrace. And therefore the HugeTLB pages will never\nbe freed because we lost it from page table. We can skip HugeTLB pages\nfor unuse_vma to fix it.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-50199", "url": "https://www.suse.com/security/cve/CVE-2024-50199" }, { "category": "external", "summary": "SUSE Bug 1233112 for CVE-2024-50199", "url": "https://bugzilla.suse.com/1233112" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } 
], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "moderate" } ], "title": "CVE-2024-50199" }, { "cve": "CVE-2024-53104", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53104" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53104", "url": "https://www.suse.com/security/cve/CVE-2024-53104" }, { "category": "external", "summary": "SUSE Bug 1234025 for CVE-2024-53104", "url": "https://bugzilla.suse.com/1234025" }, { "category": "external", "summary": "SUSE Bug 1236783 for CVE-2024-53104", "url": "https://bugzilla.suse.com/1236783" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-53104" }, { "cve": "CVE-2024-53173", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53173" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53173", "url": "https://www.suse.com/security/cve/CVE-2024-53173" }, { "category": "external", "summary": "SUSE Bug 1234853 for CVE-2024-53173", "url": "https://bugzilla.suse.com/1234853" }, { "category": "external", "summary": "SUSE Bug 
1234891 for CVE-2024-53173", "url": "https://bugzilla.suse.com/1234891" }, { "category": "external", "summary": "SUSE Bug 1234892 for CVE-2024-53173", "url": "https://bugzilla.suse.com/1234892" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-53173" }, { "cve": "CVE-2024-53239", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-53239" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). 
But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-53239", "url": "https://www.suse.com/security/cve/CVE-2024-53239" }, { "category": "external", "summary": "SUSE Bug 1234853 for CVE-2024-53239", "url": "https://bugzilla.suse.com/1234853" }, { "category": "external", "summary": "SUSE Bug 1235054 for CVE-2024-53239", "url": "https://bugzilla.suse.com/1235054" }, { "category": "external", "summary": "SUSE Bug 1235055 for CVE-2024-53239", "url": "https://bugzilla.suse.com/1235055" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 
5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-53239" }, { "cve": "CVE-2024-56539", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56539" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. 
The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56539", "url": "https://www.suse.com/security/cve/CVE-2024-56539" }, { "category": "external", "summary": "SUSE Bug 1234853 for CVE-2024-56539", "url": "https://bugzilla.suse.com/1234853" }, { "category": "external", "summary": "SUSE Bug 1234963 for CVE-2024-56539", "url": "https://bugzilla.suse.com/1234963" }, { "category": "external", "summary": "SUSE Bug 1234964 for CVE-2024-56539", "url": "https://bugzilla.suse.com/1234964" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 
5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56539" }, { "cve": "CVE-2024-56548", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56548" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. 
We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? 
set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56548", "url": "https://www.suse.com/security/cve/CVE-2024-56548" }, { "category": "external", "summary": "SUSE Bug 1234853 for CVE-2024-56548", "url": "https://bugzilla.suse.com/1234853" }, { "category": "external", "summary": "SUSE Bug 1235073 for CVE-2024-56548", 
"url": "https://bugzilla.suse.com/1235073" }, { "category": "external", "summary": "SUSE Bug 1235074 for CVE-2024-56548", "url": "https://bugzilla.suse.com/1235074" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56548" }, { "cve": "CVE-2024-56600", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56600" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet6: do not leave a dangling sk pointer in inet6_create()\n\nsock_init_data() attaches the allocated sk pointer to the provided sock\nobject. 
If inet6_create() fails later, the sk object is released, but the\nsock object retains the dangling sk pointer, which may cause use-after-free\nlater.\n\nClear the sock sk pointer on error.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56600", "url": "https://www.suse.com/security/cve/CVE-2024-56600" }, { "category": "external", "summary": "SUSE Bug 1235217 for CVE-2024-56600", "url": "https://bugzilla.suse.com/1235217" }, { "category": "external", "summary": "SUSE Bug 1235218 for CVE-2024-56600", "url": "https://bugzilla.suse.com/1235218" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": 
"2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56600" }, { "cve": "CVE-2024-56601", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56601" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56601", "url": "https://www.suse.com/security/cve/CVE-2024-56601" }, { "category": "external", "summary": "SUSE Bug 1235230 for CVE-2024-56601", "url": "https://bugzilla.suse.com/1235230" }, { "category": "external", "summary": "SUSE Bug 1235231 for CVE-2024-56601", "url": "https://bugzilla.suse.com/1235231" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, 
"baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56601" }, { "cve": "CVE-2024-56605", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56605" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56605", "url": "https://www.suse.com/security/cve/CVE-2024-56605" }, { "category": "external", "summary": "SUSE Bug 1234853 for CVE-2024-56605", "url": "https://bugzilla.suse.com/1234853" }, { "category": "external", "summary": "SUSE Bug 1235061 for CVE-2024-56605", "url": "https://bugzilla.suse.com/1235061" }, { "category": "external", "summary": "SUSE Bug 1235062 for CVE-2024-56605", "url": 
"https://bugzilla.suse.com/1235062" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56605" }, { "cve": "CVE-2024-56623", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56623" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix use after free on unload\n\nSystem crash is observed with stack trace warning of use after\nfree. There are 2 signals to tell dpc_thread to terminate (UNLOADING\nflag and kthread_stop).\n\nOn setting the UNLOADING flag when dpc_thread happens to run at the time\nand sees the flag, this causes dpc_thread to exit and clean up\nitself. When kthread_stop is called for final cleanup, this causes use\nafter free.\n\nRemove UNLOADING signal to terminate dpc_thread. 
Use the kthread_stop\nas the main signal to exit dpc_thread.\n\n[596663.812935] kernel BUG at mm/slub.c:294!\n[596663.812950] invalid opcode: 0000 [#1] SMP PTI\n[596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1\n[596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012\n[596663.812974] RIP: 0010:__slab_free+0x17d/0x360\n\n...\n[596663.813008] Call Trace:\n[596663.813022] ? __dentry_kill+0x121/0x170\n[596663.813030] ? _cond_resched+0x15/0x30\n[596663.813034] ? _cond_resched+0x15/0x30\n[596663.813039] ? wait_for_completion+0x35/0x190\n[596663.813048] ? try_to_wake_up+0x63/0x540\n[596663.813055] free_task+0x5a/0x60\n[596663.813061] kthread_stop+0xf3/0x100\n[596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx]", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56623", "url": "https://www.suse.com/security/cve/CVE-2024-56623" }, { "category": "external", "summary": "SUSE Bug 1235466 for CVE-2024-56623", "url": "https://bugzilla.suse.com/1235466" }, { "category": "external", "summary": "SUSE Bug 1235468 for CVE-2024-56623", "url": "https://bugzilla.suse.com/1235468" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE 
Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56623" }, { "cve": "CVE-2024-56650", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56650" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix LED ID check in led_tg_check()\n\nSyzbot has reported the following BUG detected by KASAN:\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70\nRead of size 1 at addr ffff8881022da0c8 by task repro/5879\n...\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x241/0x360\n ? __pfx_dump_stack_lvl+0x10/0x10\n ? __pfx__printk+0x10/0x10\n ? _printk+0xd5/0x120\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n print_report+0x169/0x550\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x45f/0x530\n ? __phys_addr+0xba/0x170\n ? strlen+0x58/0x70\n kasan_report+0x143/0x180\n ? strlen+0x58/0x70\n strlen+0x58/0x70\n kstrdup+0x20/0x80\n led_tg_check+0x18b/0x3c0\n xt_check_target+0x3bb/0xa40\n ? __pfx_xt_check_target+0x10/0x10\n ? stack_depot_save_flags+0x6e4/0x830\n ? nft_target_init+0x174/0xc30\n nft_target_init+0x82d/0xc30\n ? __pfx_nft_target_init+0x10/0x10\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? rcu_is_watching+0x15/0xb0\n ? 
nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? __kmalloc_noprof+0x21a/0x400\n nf_tables_newrule+0x1860/0x2980\n ? __pfx_nf_tables_newrule+0x10/0x10\n ? __nla_parse+0x40/0x60\n nfnetlink_rcv+0x14e5/0x2ab0\n ? __pfx_validate_chain+0x10/0x10\n ? __pfx_nfnetlink_rcv+0x10/0x10\n ? __lock_acquire+0x1384/0x2050\n ? netlink_deliver_tap+0x2e/0x1b0\n ? __pfx_lock_release+0x10/0x10\n ? netlink_deliver_tap+0x2e/0x1b0\n netlink_unicast+0x7f8/0x990\n ? __pfx_netlink_unicast+0x10/0x10\n ? __virt_addr_valid+0x183/0x530\n ? __check_object_size+0x48e/0x900\n netlink_sendmsg+0x8e4/0xcb0\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? aa_sock_msg_perm+0x91/0x160\n ? __pfx_netlink_sendmsg+0x10/0x10\n __sock_sendmsg+0x223/0x270\n ____sys_sendmsg+0x52a/0x7e0\n ? __pfx_____sys_sendmsg+0x10/0x10\n __sys_sendmsg+0x292/0x380\n ? __pfx___sys_sendmsg+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? exc_page_fault+0x590/0x8c0\n ? do_syscall_64+0xb6/0x230\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nSince an invalid (without \u0027\\0\u0027 byte at all) byte sequence may be passed\nfrom userspace, add an extra check to ensure that such a sequence is\nrejected as possible ID and so never passed to \u0027kstrdup()\u0027 and further.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56650", "url": "https://www.suse.com/security/cve/CVE-2024-56650" }, { "category": "external", "summary": "SUSE Bug 1235430 for CVE-2024-56650", "url": "https://bugzilla.suse.com/1235430" }, { "category": 
"external", "summary": "SUSE Bug 1235431 for CVE-2024-56650", "url": "https://bugzilla.suse.com/1235431" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56650" }, { "cve": "CVE-2024-56658", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56658" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. 
So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? 
lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? 
soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56658", "url": "https://www.suse.com/security/cve/CVE-2024-56658" }, { "category": "external", "summary": "SUSE Bug 1235441 for CVE-2024-56658", "url": "https://bugzilla.suse.com/1235441" }, { "category": "external", "summary": "SUSE Bug 1235442 for CVE-2024-56658", "url": "https://bugzilla.suse.com/1235442" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ 
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56658" }, { "cve": "CVE-2024-56664", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56664" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) 
lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n 
sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56664", "url": "https://www.suse.com/security/cve/CVE-2024-56664" }, { "category": "external", "summary": "SUSE Bug 1235249 for CVE-2024-56664", "url": "https://bugzilla.suse.com/1235249" }, { "category": "external", "summary": "SUSE Bug 1235250 for CVE-2024-56664", "url": "https://bugzilla.suse.com/1235250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56664" }, { "cve": "CVE-2024-56759", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-56759" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when COWing tree bock and tracing is enabled\n\nWhen a COWing a tree block, at btrfs_cow_block(), and we have the\ntracepoint trace_btrfs_cow_block() enabled and preemption is also enabled\n(CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent\nbuffer while inside the tracepoint code. This is because in some paths\nthat call btrfs_cow_block(), such as btrfs_search_slot(), we are holding\nthe last reference on the extent buffer @buf so btrfs_force_cow_block()\ndrops the last reference on the @buf extent buffer when it calls\nfree_extent_buffer_stale(buf), which schedules the release of the extent\nbuffer with RCU. 
This means that if we are on a kernel with preemption,\nthe current task may be preempted before calling trace_btrfs_cow_block()\nand the extent buffer already released by the time trace_btrfs_cow_block()\nis called, resulting in a use-after-free.\n\nFix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to\nbtrfs_force_cow_block() before the COWed extent buffer is freed.\nThis also has a side effect of invoking the tracepoint in the tree defrag\ncode, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is\ncalled there, but this is fine and it was actually missing there.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-56759", "url": "https://www.suse.com/security/cve/CVE-2024-56759" }, { "category": "external", "summary": "SUSE Bug 1235645 for CVE-2024-56759", "url": "https://bugzilla.suse.com/1235645" }, { "category": "external", "summary": "SUSE Bug 1236569 for CVE-2024-56759", "url": "https://bugzilla.suse.com/1236569" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-56759" }, { "cve": "CVE-2024-57791", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-57791" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check return value of sock_recvmsg when draining clc data\n\nWhen receiving clc msg, the field length in smc_clc_msg_hdr indicates the\nlength of msg should be received from network and the value should not be\nfully trusted as it is from the network. 
Once the value of length exceeds\nthe value of buflen in function smc_clc_wait_msg it may run into deadloop\nwhen trying to drain the remaining data exceeding buflen.\n\nThis patch checks the return value of sock_recvmsg when draining data in\ncase of deadloop in draining.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-57791", "url": "https://www.suse.com/security/cve/CVE-2024-57791" }, { "category": "external", "summary": "SUSE Bug 1235759 for CVE-2024-57791", "url": "https://bugzilla.suse.com/1235759" }, { "category": "external", "summary": "SUSE Bug 1235760 for CVE-2024-57791", "url": "https://bugzilla.suse.com/1235760" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-57791" }, { "cve": "CVE-2024-57798", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-57798" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()\n\nWhile receiving an MST up request message from one thread in\ndrm_dp_mst_handle_up_req(), the MST topology could be removed from\nanother thread via drm_dp_mst_topology_mgr_set_mst(false), freeing\nmst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL.\nThis could lead to a NULL deref/use-after-free of mst_primary in\ndrm_dp_mst_handle_up_req().\n\nAvoid the above by holding a reference for mst_primary in\ndrm_dp_mst_handle_up_req() while it\u0027s used.\n\nv2: Fix kfreeing the request if getting an mst_primary reference fails.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-57798", "url": "https://www.suse.com/security/cve/CVE-2024-57798" }, { "category": "external", "summary": "SUSE Bug 1235818 for CVE-2024-57798", "url": "https://bugzilla.suse.com/1235818" }, { "category": "external", "summary": "SUSE Bug 1235819 for CVE-2024-57798", "url": "https://bugzilla.suse.com/1235819" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper 
patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-57798" }, { "cve": "CVE-2024-57849", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-57849" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cpum_sf: Handle CPU hotplug remove during sampling\n\nCPU hotplug remove handling triggers the following function\ncall sequence:\n\n CPUHP_AP_PERF_S390_SF_ONLINE --\u003e s390_pmu_sf_offline_cpu()\n ...\n CPUHP_AP_PERF_ONLINE --\u003e perf_event_exit_cpu()\n\nThe s390 CPUMF sampling CPU hotplug handler invokes:\n\n s390_pmu_sf_offline_cpu()\n +--\u003e cpusf_pmu_setup()\n +--\u003e setup_pmc_cpu()\n +--\u003e deallocate_buffers()\n\nThis function de-allocates all sampling data buffers (SDBs) allocated\nfor that CPU at event initialization. It also clears the\nPMU_F_RESERVED bit. 
The CPU is gone and can not be sampled.\n\nWith the event still being active on the removed CPU, the CPU event\nhotplug support in kernel performance subsystem triggers the\nfollowing function calls on the removed CPU:\n\n perf_event_exit_cpu()\n +--\u003e perf_event_exit_cpu_context()\n +--\u003e __perf_event_exit_context()\n\t +--\u003e __perf_remove_from_context()\n\t +--\u003e event_sched_out()\n\t +--\u003e cpumsf_pmu_del()\n\t +--\u003e cpumsf_pmu_stop()\n +--\u003e hw_perf_event_update()\n\nto stop and remove the event. During removal of the event, the\nsampling device driver tries to read out the remaining samples from\nthe sample data buffers (SDBs). But they have already been freed\n(and may have been re-assigned). This may lead to a use after free\nsituation in which case the samples are most likely invalid. In the\nbest case the memory has not been reassigned and still contains\nvalid data.\n\nRemedy this situation and check if the CPU is still in reserved\nstate (bit PMU_F_RESERVED set). In this case the SDBs have not been\nreleased an contain valid data. 
This is always the case when\nthe event is removed (and no CPU hotplug off occured).\nIf the PMU_F_RESERVED bit is not set, the SDB buffers are gone.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-57849", "url": "https://www.suse.com/security/cve/CVE-2024-57849" }, { "category": "external", "summary": "SUSE Bug 1235814 for CVE-2024-57849", "url": "https://bugzilla.suse.com/1235814" }, { "category": "external", "summary": "SUSE Bug 1235815 for CVE-2024-57849", "url": "https://bugzilla.suse.com/1235815" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], 
"title": "CVE-2024-57849" }, { "cve": "CVE-2024-57893", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-57893" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: seq: oss: Fix races at processing SysEx messages\n\nOSS sequencer handles the SysEx messages split in 6 bytes packets, and\nALSA sequencer OSS layer tries to combine those. It stores the data\nin the internal buffer and this access is racy as of now, which may\nlead to the out-of-bounds access.\n\nAs a temporary band-aid fix, introduce a mutex for serializing the\nprocess of the SysEx message packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-57893", "url": "https://www.suse.com/security/cve/CVE-2024-57893" }, { "category": "external", "summary": "SUSE Bug 1235920 for CVE-2024-57893", "url": "https://bugzilla.suse.com/1235920" }, { "category": "external", "summary": "SUSE Bug 1235921 for CVE-2024-57893", "url": "https://bugzilla.suse.com/1235921" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 
7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2024-57893" }, { "cve": "CVE-2025-21690", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21690" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. 
Ratelimit the warning so\nit doesn\u0027t DoS the VM.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21690", "url": "https://www.suse.com/security/cve/CVE-2025-21690" }, { "category": "external", "summary": "SUSE Bug 1237025 for CVE-2025-21690", "url": "https://bugzilla.suse.com/1237025" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "moderate" } ], "title": "CVE-2025-21690" }, { "cve": "CVE-2025-21692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21692" } ], "notes": [ { "category": "general", "text": "In the Linux 
kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? 
do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2025-21692", "url": "https://www.suse.com/security/cve/CVE-2025-21692" }, { "category": "external", "summary": "SUSE Bug 1237028 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237028" }, { "category": "external", "summary": "SUSE Bug 1237048 for CVE-2025-21692", "url": "https://bugzilla.suse.com/1237048" } ], "remediations": [ { "category": 
"vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "important" } ], "title": "CVE-2025-21692" }, { "cve": "CVE-2025-21699", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-21699" } ], "notes": [ { "category": "general", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] }, 
"references": [ { "category": "external", "summary": "CVE-2025-21699", "url": "https://www.suse.com/security/cve/CVE-2025-21699" }, { "category": "external", "summary": "SUSE Bug 1237139 for CVE-2025-21699", "url": "https://bugzilla.suse.com/1237139" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.202.1.noarch", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.202.1.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.202.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-14T09:55:18Z", "details": "moderate" } ], "title": "CVE-2025-21699" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.