suse-su-2025:20342-1
Vulnerability from csaf_suse
Published
2025-05-22 13:03
Modified
2025-05-22 13:03
Summary
Security update for kernel-livepatch-MICRO-6-0-RT_Update_5

Notes

Title of the patch
Security update for kernel-livepatch-MICRO-6-0-RT_Update_5
Description of the patch
This update for kernel-livepatch-MICRO-6-0-RT_Update_5 fixes the following issues: - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235916)
Patchnames
SUSE-SLE-Micro-6.0-kernel-27
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_5",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for kernel-livepatch-MICRO-6-0-RT_Update_5 fixes the following issues:\n\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235916)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.0-kernel-27",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20342-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:20342-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520342-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:20342-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039432.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235916",
        "url": "https://bugzilla.suse.com/1235916"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57882 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57882/"
      }
    ],
    "title": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_5",
    "tracking": {
      "current_release_date": "2025-05-22T13:03:44Z",
      "generator": {
        "date": "2025-05-22T13:03:44Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:20342-1",
      "initial_release_date": "2025-05-22T13:03:44Z",
      "revision_history": [
        {
          "date": "2025-05-22T13:03:44Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64",
                  "product_id": "kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.0",
                "product": {
                  "name": "SUSE Linux Micro 6.0",
                  "product_id": "SUSE Linux Micro 6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64"
        },
        "product_reference": "kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-57882",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57882"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57882",
          "url": "https://www.suse.com/security/cve/CVE-2024-57882"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235914 for CVE-2024-57882",
          "url": "https://bugzilla.suse.com/1235914"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235916 for CVE-2024-57882",
          "url": "https://bugzilla.suse.com/1235916"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-rt-2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-22T13:03:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-57882"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.