CVE-2022-49545 (GCVE-0-2022-49545)
Vulnerability from cvelistv5 – Published: 2025-02-26 02:13 – Updated: 2026-05-11 19:02
Title
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
At closing a USB MIDI output substream, there might be still a pending
work, which would eventually access the rawmidi runtime object that is
being released. For fixing the race, make sure to cancel the pending
work at closing.
Severity
5.5 (Medium)
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 40bdb5ec957aca5c5c1924602bef6b0ab18e22d3 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 11868ca21585561659c2575b0d6508ef8e9c4291 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 5e5fe2b6065541c6216a7a003b0cddf386be0d2d (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 517dcef4d2dda0132648f1e4c079ed17bba4d1a4 (git) |
| Linux | Linux | Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 0125de38122f0f66bf61336158d12a1aabfe6425 (git) |
| Linux | Linux | Affected: 2.6.12 |
| Linux | Linux | Unaffected: 0, < 2.6.12 (semver) |
| Linux | Linux | Unaffected: 5.10.121, ≤ 5.10.* (semver) |
| Linux | Linux | Unaffected: 5.15.46, ≤ 5.15.* (semver) |
| Linux | Linux | Unaffected: 5.17.14, ≤ 5.17.* (semver) |
| Linux | Linux | Unaffected: 5.18.3, ≤ 5.18.* (semver) |
| Linux | Linux | Unaffected: 5.19, ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/midi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40bdb5ec957aca5c5c1924602bef6b0ab18e22d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "11868ca21585561659c2575b0d6508ef8e9c4291",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5e5fe2b6065541c6216a7a003b0cddf386be0d2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "517dcef4d2dda0132648f1e4c079ed17bba4d1a4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0125de38122f0f66bf61336158d12a1aabfe6425",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/usb/midi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:02:01.004Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40bdb5ec957aca5c5c1924602bef6b0ab18e22d3"
},
{
"url": "https://git.kernel.org/stable/c/11868ca21585561659c2575b0d6508ef8e9c4291"
},
{
"url": "https://git.kernel.org/stable/c/5e5fe2b6065541c6216a7a003b0cddf386be0d2d"
},
{
"url": "https://git.kernel.org/stable/c/517dcef4d2dda0132648f1e4c079ed17bba4d1a4"
},
{
"url": "https://git.kernel.org/stable/c/0125de38122f0f66bf61336158d12a1aabfe6425"
}
],
"title": "ALSA: usb-audio: Cancel pending work at closing a MIDI substream",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49545",
"datePublished": "2025-02-26T02:13:58.363Z",
"dateReserved": "2025-02-26T02:08:31.590Z",
"dateUpdated": "2026-05-11T19:02:01.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-49545",
"date": "2026-06-07",
"epss": "0.00013",
"percentile": "0.02048"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49545\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:30.410\",\"lastModified\":\"2025-10-22T17:15:16.613\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\\n\\nAt closing a USB MIDI output substream, there might be still a pending\\nwork, which would eventually access the rawmidi runtime object that is\\nbeing released. For fixing the race, make sure to cancel the pending\\nwork at closing.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: Cancelar trabajo pendiente al cerrar un subflujo MIDI Al cerrar un subflujo de salida MIDI USB, es posible que a\u00fan haya un trabajo pendiente, que eventualmente acceder\u00eda al objeto de tiempo de ejecuci\u00f3n rawmidi que se est\u00e1 liberando. 
Para solucionar el problema, aseg\u00farese de cancelar el trabajo pendiente al cerrar.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.121\",\"matchCriteriaId\":\"814C88C6-C31D-462A-BBBE-BC83E102E84C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.46\",\"matchCriteriaId\":\"20D41697-0E8B-4B7D-8842-F17BF2AA21E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.17.14\",\"matchCriteriaId\":\"15E2DD33-2255-4B76-9C15-04FF8CBAB252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18\",\"versionEndExcluding\":\"5.18.3\",\"matchCriteriaId\":\"8E122216-2E9E-4B3E-B7B8-D575A45BA3C2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0125de38122f0f66bf61336158d12a1aabfe6425\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/11868ca21585561659c2575b0d6508ef8e9c4291\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"ur
l\":\"https://git.kernel.org/stable/c/40bdb5ec957aca5c5c1924602bef6b0ab18e22d3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/517dcef4d2dda0132648f1e4c079ed17bba4d1a4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5e5fe2b6065541c6216a7a003b0cddf386be0d2d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
SUSE-SU-2025:02131-1
Vulnerability from csaf_suse - Published: 2025-06-26 11:03 - Updated: 2025-06-26 11:03
Summary
Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_222 fixes several issues.
The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227903).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
- CVE-2022-49179: block, bfq: do not move oom_bfqq (bsc#1241331).
Patchnames: SUSE-2025-2131,SUSE-SLE-Live-Patching-12-SP5-2025-2131
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Threats
Impact
important
7.8 (High)
Threats
Impact
important
7.1 (High)
Threats
Impact
important
7.1 (High)
Threats
Impact
important
7.1 (High)
Threats
Impact
important
7.8 (High)
Threats
Impact
important
7.8 (High)
Threats
Impact
important
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_222 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).\n- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).\n- CVE-2024-40937: gve: Clear napi-\u003eskb before dev_kfree_skb_any() (bsc#1227903).\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n- CVE-2022-49179: block, bfq: do not move oom_bfqq (bsc#1241331).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2131,SUSE-SLE-Live-Patching-12-SP5-2025-2131",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02131-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02131-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502131-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02131-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040483.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227903",
"url": "https://bugzilla.suse.com/1227903"
},
{
"category": "self",
"summary": "SUSE Bug 1232929",
"url": "https://bugzilla.suse.com/1232929"
},
{
"category": "self",
"summary": "SUSE Bug 1233680",
"url": "https://bugzilla.suse.com/1233680"
},
{
"category": "self",
"summary": "SUSE Bug 1233708",
"url": "https://bugzilla.suse.com/1233708"
},
{
"category": "self",
"summary": "SUSE Bug 1235062",
"url": "https://bugzilla.suse.com/1235062"
},
{
"category": "self",
"summary": "SUSE Bug 1235231",
"url": "https://bugzilla.suse.com/1235231"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE Bug 1241331",
"url": "https://bugzilla.suse.com/1241331"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49179 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40937 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2025-06-26T11:03:53Z",
"generator": {
"date": "2025-06-26T11:03:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02131-1",
"initial_release_date": "2025-06-26T11:03:53Z",
"revision_history": [
{
"date": "2025-06-26T11:03:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_222-default-13-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: don\u0027t move oom_bfqq\n\nOur test report a UAF:\n\n[ 2073.019181] ==================================================================\n[ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584\n[ 2073.019192]\n[ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5\n[ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 2073.019200] Call trace:\n[ 2073.019203] dump_backtrace+0x0/0x310\n[ 2073.019206] show_stack+0x28/0x38\n[ 2073.019210] dump_stack+0xec/0x15c\n[ 2073.019216] print_address_description+0x68/0x2d0\n[ 2073.019220] kasan_report+0x238/0x2f0\n[ 2073.019224] __asan_store8+0x88/0xb0\n[ 2073.019229] __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019233] bfq_put_async_queues+0xbc/0x208\n[ 2073.019236] bfq_pd_offline+0x178/0x238\n[ 2073.019240] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019244] bfq_exit_queue+0x128/0x178\n[ 2073.019249] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019252] elevator_exit+0xc8/0xd0\n[ 2073.019256] blk_exit_queue+0x50/0x88\n[ 2073.019259] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019267] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019274] null_exit+0x90/0x114 [null_blk]\n[ 2073.019278] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019282] el0_svc_common+0xc8/0x320\n[ 2073.019287] el0_svc_handler+0xf8/0x160\n[ 2073.019290] el0_svc+0x10/0x218\n[ 2073.019291]\n[ 2073.019294] Allocated by task 14163:\n[ 2073.019301] kasan_kmalloc+0xe0/0x190\n[ 2073.019305] kmem_cache_alloc_node_trace+0x1cc/0x418\n[ 2073.019308] bfq_pd_alloc+0x54/0x118\n[ 2073.019313] blkcg_activate_policy+0x250/0x460\n[ 2073.019317] bfq_create_group_hierarchy+0x38/0x110\n[ 2073.019321] bfq_init_queue+0x6d0/0x948\n[ 2073.019325] blk_mq_init_sched+0x1d8/0x390\n[ 2073.019330] elevator_switch_mq+0x88/0x170\n[ 2073.019334] 
elevator_switch+0x140/0x270\n[ 2073.019338] elv_iosched_store+0x1a4/0x2a0\n[ 2073.019342] queue_attr_store+0x90/0xe0\n[ 2073.019348] sysfs_kf_write+0xa8/0xe8\n[ 2073.019351] kernfs_fop_write+0x1f8/0x378\n[ 2073.019359] __vfs_write+0xe0/0x360\n[ 2073.019363] vfs_write+0xf0/0x270\n[ 2073.019367] ksys_write+0xdc/0x1b8\n[ 2073.019371] __arm64_sys_write+0x50/0x60\n[ 2073.019375] el0_svc_common+0xc8/0x320\n[ 2073.019380] el0_svc_handler+0xf8/0x160\n[ 2073.019383] el0_svc+0x10/0x218\n[ 2073.019385]\n[ 2073.019387] Freed by task 72584:\n[ 2073.019391] __kasan_slab_free+0x120/0x228\n[ 2073.019394] kasan_slab_free+0x10/0x18\n[ 2073.019397] kfree+0x94/0x368\n[ 2073.019400] bfqg_put+0x64/0xb0\n[ 2073.019404] bfqg_and_blkg_put+0x90/0xb0\n[ 2073.019408] bfq_put_queue+0x220/0x228\n[ 2073.019413] __bfq_put_async_bfqq+0x98/0x168\n[ 2073.019416] bfq_put_async_queues+0xbc/0x208\n[ 2073.019420] bfq_pd_offline+0x178/0x238\n[ 2073.019424] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019429] bfq_exit_queue+0x128/0x178\n[ 2073.019433] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019437] elevator_exit+0xc8/0xd0\n[ 2073.019440] blk_exit_queue+0x50/0x88\n[ 2073.019443] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019451] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019459] null_exit+0x90/0x114 [null_blk]\n[ 2073.019462] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019467] el0_svc_common+0xc8/0x320\n[ 2073.019471] el0_svc_handler+0xf8/0x160\n[ 2073.019474] el0_svc+0x10/0x218\n[ 2073.019475]\n[ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00\n which belongs to the cache kmalloc-1024 of size 1024\n[ 2073.019484] The buggy address is located 552 bytes inside of\n 1024-byte region [ffff8000ccf63f00, ffff8000ccf64300)\n[ 2073.019486] The buggy address belongs to the page:\n[ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0\n[ 2073.020123] flags: 0x7ffff0000008100(slab|head)\n[ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 
ffff7e00001f5a08 ffff8000c0003a00\n[ 2073.020409] ra\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49179",
"url": "https://www.suse.com/security/cve/CVE-2022-49179"
},
{
"category": "external",
"summary": "SUSE Bug 1238092 for CVE-2022-49179",
"url": "https://bugzilla.suse.com/1238092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:03:53Z",
"details": "moderate"
}
],
"title": "CVE-2022-49179"
},
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:03:53Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
},
{
"cve": "CVE-2024-40937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Clear napi-\u003eskb before dev_kfree_skb_any()\n\ngve_rx_free_skb incorrectly leaves napi-\u003eskb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\n\nFix this by clearing napi-\u003eskb before the skb is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40937",
"url": "https://www.suse.com/security/cve/CVE-2024-40937"
},
{
"category": "external",
"summary": "SUSE Bug 1227836 for CVE-2024-40937",
"url": "https://bugzilla.suse.com/1227836"
},
{
"category": "external",
"summary": "SUSE Bug 1227903 for CVE-2024-40937",
"url": "https://bugzilla.suse.com/1227903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:03:53Z",
"details": "important"
}
],
"title": "CVE-2024-40937"
},
{
"cve": "CVE-2024-50125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\nsco_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50125",
"url": "https://www.suse.com/security/cve/CVE-2024-50125"
},
{
"category": "external",
"summary": "SUSE Bug 1232928 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "external",
"summary": "SUSE Bug 1232929 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:03:53Z",
"details": "important"
}
],
"title": "CVE-2024-50125"
},
{
"cve": "CVE-2024-50279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50279",
"url": "https://www.suse.com/security/cve/CVE-2024-50279"
},
{
"category": "external",
"summary": "SUSE Bug 1233468 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "external",
"summary": "SUSE Bug 1233708 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:03:53Z",
"details": "important"
}
],
"title": "CVE-2024-50279"
},
{
"cve": "CVE-2024-50301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. 
When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------\u003e+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50301",
"url": "https://www.suse.com/security/cve/CVE-2024-50301"
},
{
"category": "external",
"summary": "SUSE Bug 1233490 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "external",
"summary": "SUSE Bug 1233680 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:03:53Z",
"details": "important"
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-56601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56601",
"url": "https://www.suse.com/security/cve/CVE-2024-56601"
},
{
"category": "external",
"summary": "SUSE Bug 1235230 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "external",
"summary": "SUSE Bug 1235231 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:03:53Z",
"details": "important"
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:03:53Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
}
]
}
SUSE-SU-2025:02132-1
Vulnerability from csaf_suse - Published: 2025-06-26 11:33 - Updated: 2025-06-26 11:33
Summary
Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_237 fixes several issues.
The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
- CVE-2022-49179: block, bfq: do not move oom_bfqq (bsc#1241331).
Patchnames: SUSE-2025-2132,SUSE-SLE-Live-Patching-12-SP5-2025-2132
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_237 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n- CVE-2022-49179: block, bfq: do not move oom_bfqq (bsc#1241331).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2132,SUSE-SLE-Live-Patching-12-SP5-2025-2132",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02132-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02132-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502132-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02132-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040482.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235062",
"url": "https://bugzilla.suse.com/1235062"
},
{
"category": "self",
"summary": "SUSE Bug 1235231",
"url": "https://bugzilla.suse.com/1235231"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE Bug 1241331",
"url": "https://bugzilla.suse.com/1241331"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49179 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 63 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2025-06-26T11:33:30Z",
"generator": {
"date": "2025-06-26T11:33:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02132-1",
"initial_release_date": "2025-06-26T11:33:30Z",
"revision_history": [
{
"date": "2025-06-26T11:33:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_237-default-6-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: don\u0027t move oom_bfqq\n\nOur test report a UAF:\n\n[ 2073.019181] ==================================================================\n[ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584\n[ 2073.019192]\n[ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5\n[ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 2073.019200] Call trace:\n[ 2073.019203] dump_backtrace+0x0/0x310\n[ 2073.019206] show_stack+0x28/0x38\n[ 2073.019210] dump_stack+0xec/0x15c\n[ 2073.019216] print_address_description+0x68/0x2d0\n[ 2073.019220] kasan_report+0x238/0x2f0\n[ 2073.019224] __asan_store8+0x88/0xb0\n[ 2073.019229] __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019233] bfq_put_async_queues+0xbc/0x208\n[ 2073.019236] bfq_pd_offline+0x178/0x238\n[ 2073.019240] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019244] bfq_exit_queue+0x128/0x178\n[ 2073.019249] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019252] elevator_exit+0xc8/0xd0\n[ 2073.019256] blk_exit_queue+0x50/0x88\n[ 2073.019259] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019267] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019274] null_exit+0x90/0x114 [null_blk]\n[ 2073.019278] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019282] el0_svc_common+0xc8/0x320\n[ 2073.019287] el0_svc_handler+0xf8/0x160\n[ 2073.019290] el0_svc+0x10/0x218\n[ 2073.019291]\n[ 2073.019294] Allocated by task 14163:\n[ 2073.019301] kasan_kmalloc+0xe0/0x190\n[ 2073.019305] kmem_cache_alloc_node_trace+0x1cc/0x418\n[ 2073.019308] bfq_pd_alloc+0x54/0x118\n[ 2073.019313] blkcg_activate_policy+0x250/0x460\n[ 2073.019317] bfq_create_group_hierarchy+0x38/0x110\n[ 2073.019321] bfq_init_queue+0x6d0/0x948\n[ 2073.019325] blk_mq_init_sched+0x1d8/0x390\n[ 2073.019330] elevator_switch_mq+0x88/0x170\n[ 2073.019334] 
elevator_switch+0x140/0x270\n[ 2073.019338] elv_iosched_store+0x1a4/0x2a0\n[ 2073.019342] queue_attr_store+0x90/0xe0\n[ 2073.019348] sysfs_kf_write+0xa8/0xe8\n[ 2073.019351] kernfs_fop_write+0x1f8/0x378\n[ 2073.019359] __vfs_write+0xe0/0x360\n[ 2073.019363] vfs_write+0xf0/0x270\n[ 2073.019367] ksys_write+0xdc/0x1b8\n[ 2073.019371] __arm64_sys_write+0x50/0x60\n[ 2073.019375] el0_svc_common+0xc8/0x320\n[ 2073.019380] el0_svc_handler+0xf8/0x160\n[ 2073.019383] el0_svc+0x10/0x218\n[ 2073.019385]\n[ 2073.019387] Freed by task 72584:\n[ 2073.019391] __kasan_slab_free+0x120/0x228\n[ 2073.019394] kasan_slab_free+0x10/0x18\n[ 2073.019397] kfree+0x94/0x368\n[ 2073.019400] bfqg_put+0x64/0xb0\n[ 2073.019404] bfqg_and_blkg_put+0x90/0xb0\n[ 2073.019408] bfq_put_queue+0x220/0x228\n[ 2073.019413] __bfq_put_async_bfqq+0x98/0x168\n[ 2073.019416] bfq_put_async_queues+0xbc/0x208\n[ 2073.019420] bfq_pd_offline+0x178/0x238\n[ 2073.019424] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019429] bfq_exit_queue+0x128/0x178\n[ 2073.019433] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019437] elevator_exit+0xc8/0xd0\n[ 2073.019440] blk_exit_queue+0x50/0x88\n[ 2073.019443] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019451] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019459] null_exit+0x90/0x114 [null_blk]\n[ 2073.019462] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019467] el0_svc_common+0xc8/0x320\n[ 2073.019471] el0_svc_handler+0xf8/0x160\n[ 2073.019474] el0_svc+0x10/0x218\n[ 2073.019475]\n[ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00\n which belongs to the cache kmalloc-1024 of size 1024\n[ 2073.019484] The buggy address is located 552 bytes inside of\n 1024-byte region [ffff8000ccf63f00, ffff8000ccf64300)\n[ 2073.019486] The buggy address belongs to the page:\n[ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0\n[ 2073.020123] flags: 0x7ffff0000008100(slab|head)\n[ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 
ffff7e00001f5a08 ffff8000c0003a00\n[ 2073.020409] ra\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49179",
"url": "https://www.suse.com/security/cve/CVE-2022-49179"
},
{
"category": "external",
"summary": "SUSE Bug 1238092 for CVE-2022-49179",
"url": "https://bugzilla.suse.com/1238092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:33:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-49179"
},
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:33:30Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
},
{
"cve": "CVE-2024-56601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56601",
"url": "https://www.suse.com/security/cve/CVE-2024-56601"
},
{
"category": "external",
"summary": "SUSE Bug 1235230 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "external",
"summary": "SUSE Bug 1235231 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:33:30Z",
"details": "important"
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_237-default-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T11:33:30Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
}
]
}
SUSE-SU-2025:02135-1
Vulnerability from csaf_suse - Published: 2025-06-26 13:03 - Updated: 2025-06-26 13:03
Summary
Security update for the Linux Kernel (Live Patch 66 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 66 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_250 fixes several issues.
The following security issues were fixed:
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
- CVE-2022-49179: block, bfq: do not move oom_bfqq (bsc#1241331).
Patchnames: SUSE-2025-2135,SUSE-SLE-Live-Patching-12-SP5-2025-2135
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 66 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_250 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n- CVE-2022-49179: block, bfq: do not move oom_bfqq (bsc#1241331).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2135,SUSE-SLE-Live-Patching-12-SP5-2025-2135",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02135-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02135-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502135-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02135-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040513.html"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE Bug 1241331",
"url": "https://bugzilla.suse.com/1241331"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49179 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 66 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2025-06-26T13:03:44Z",
"generator": {
"date": "2025-06-26T13:03:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02135-1",
"initial_release_date": "2025-06-26T13:03:44Z",
"revision_history": [
{
"date": "2025-06-26T13:03:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_250-default-3-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: don\u0027t move oom_bfqq\n\nOur test report a UAF:\n\n[ 2073.019181] ==================================================================\n[ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584\n[ 2073.019192]\n[ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5\n[ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 2073.019200] Call trace:\n[ 2073.019203] dump_backtrace+0x0/0x310\n[ 2073.019206] show_stack+0x28/0x38\n[ 2073.019210] dump_stack+0xec/0x15c\n[ 2073.019216] print_address_description+0x68/0x2d0\n[ 2073.019220] kasan_report+0x238/0x2f0\n[ 2073.019224] __asan_store8+0x88/0xb0\n[ 2073.019229] __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019233] bfq_put_async_queues+0xbc/0x208\n[ 2073.019236] bfq_pd_offline+0x178/0x238\n[ 2073.019240] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019244] bfq_exit_queue+0x128/0x178\n[ 2073.019249] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019252] elevator_exit+0xc8/0xd0\n[ 2073.019256] blk_exit_queue+0x50/0x88\n[ 2073.019259] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019267] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019274] null_exit+0x90/0x114 [null_blk]\n[ 2073.019278] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019282] el0_svc_common+0xc8/0x320\n[ 2073.019287] el0_svc_handler+0xf8/0x160\n[ 2073.019290] el0_svc+0x10/0x218\n[ 2073.019291]\n[ 2073.019294] Allocated by task 14163:\n[ 2073.019301] kasan_kmalloc+0xe0/0x190\n[ 2073.019305] kmem_cache_alloc_node_trace+0x1cc/0x418\n[ 2073.019308] bfq_pd_alloc+0x54/0x118\n[ 2073.019313] blkcg_activate_policy+0x250/0x460\n[ 2073.019317] bfq_create_group_hierarchy+0x38/0x110\n[ 2073.019321] bfq_init_queue+0x6d0/0x948\n[ 2073.019325] blk_mq_init_sched+0x1d8/0x390\n[ 2073.019330] elevator_switch_mq+0x88/0x170\n[ 2073.019334] 
elevator_switch+0x140/0x270\n[ 2073.019338] elv_iosched_store+0x1a4/0x2a0\n[ 2073.019342] queue_attr_store+0x90/0xe0\n[ 2073.019348] sysfs_kf_write+0xa8/0xe8\n[ 2073.019351] kernfs_fop_write+0x1f8/0x378\n[ 2073.019359] __vfs_write+0xe0/0x360\n[ 2073.019363] vfs_write+0xf0/0x270\n[ 2073.019367] ksys_write+0xdc/0x1b8\n[ 2073.019371] __arm64_sys_write+0x50/0x60\n[ 2073.019375] el0_svc_common+0xc8/0x320\n[ 2073.019380] el0_svc_handler+0xf8/0x160\n[ 2073.019383] el0_svc+0x10/0x218\n[ 2073.019385]\n[ 2073.019387] Freed by task 72584:\n[ 2073.019391] __kasan_slab_free+0x120/0x228\n[ 2073.019394] kasan_slab_free+0x10/0x18\n[ 2073.019397] kfree+0x94/0x368\n[ 2073.019400] bfqg_put+0x64/0xb0\n[ 2073.019404] bfqg_and_blkg_put+0x90/0xb0\n[ 2073.019408] bfq_put_queue+0x220/0x228\n[ 2073.019413] __bfq_put_async_bfqq+0x98/0x168\n[ 2073.019416] bfq_put_async_queues+0xbc/0x208\n[ 2073.019420] bfq_pd_offline+0x178/0x238\n[ 2073.019424] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019429] bfq_exit_queue+0x128/0x178\n[ 2073.019433] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019437] elevator_exit+0xc8/0xd0\n[ 2073.019440] blk_exit_queue+0x50/0x88\n[ 2073.019443] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019451] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019459] null_exit+0x90/0x114 [null_blk]\n[ 2073.019462] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019467] el0_svc_common+0xc8/0x320\n[ 2073.019471] el0_svc_handler+0xf8/0x160\n[ 2073.019474] el0_svc+0x10/0x218\n[ 2073.019475]\n[ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00\n which belongs to the cache kmalloc-1024 of size 1024\n[ 2073.019484] The buggy address is located 552 bytes inside of\n 1024-byte region [ffff8000ccf63f00, ffff8000ccf64300)\n[ 2073.019486] The buggy address belongs to the page:\n[ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0\n[ 2073.020123] flags: 0x7ffff0000008100(slab|head)\n[ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 
ffff7e00001f5a08 ffff8000c0003a00\n[ 2073.020409] ra\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49179",
"url": "https://www.suse.com/security/cve/CVE-2022-49179"
},
{
"category": "external",
"summary": "SUSE Bug 1238092 for CVE-2022-49179",
"url": "https://bugzilla.suse.com/1238092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T13:03:44Z",
"details": "moderate"
}
],
"title": "CVE-2022-49179"
},
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T13:03:44Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
}
]
}
SUSE-SU-2025:02136-1
Vulnerability from csaf_suse - Published: 2025-06-26 14:03 - Updated: 2025-06-26 14:03
Summary
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues.
The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
Patchnames: SUSE-2025-2136,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2136
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).\n- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).\n- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2136,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2136",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02136-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02136-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502136-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02136-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040512.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232908",
"url": "https://bugzilla.suse.com/1232908"
},
{
"category": "self",
"summary": "SUSE Bug 1232929",
"url": "https://bugzilla.suse.com/1232929"
},
{
"category": "self",
"summary": "SUSE Bug 1233680",
"url": "https://bugzilla.suse.com/1233680"
},
{
"category": "self",
"summary": "SUSE Bug 1233708",
"url": "https://bugzilla.suse.com/1233708"
},
{
"category": "self",
"summary": "SUSE Bug 1235062",
"url": "https://bugzilla.suse.com/1235062"
},
{
"category": "self",
"summary": "SUSE Bug 1235231",
"url": "https://bugzilla.suse.com/1235231"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-06-26T14:03:45Z",
"generator": {
"date": "2025-06-26T14:03:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02136-1",
"initial_release_date": "2025-06-26T14:03:45Z",
"revision_history": [
{
"date": "2025-06-26T14:03:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_179-preempt-11-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_179-preempt-11-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_179-preempt-11-150300.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T14:03:45Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
},
{
"cve": "CVE-2024-50125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\nsco_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50125",
"url": "https://www.suse.com/security/cve/CVE-2024-50125"
},
{
"category": "external",
"summary": "SUSE Bug 1232928 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "external",
"summary": "SUSE Bug 1232929 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T14:03:45Z",
"details": "important"
}
],
"title": "CVE-2024-50125"
},
{
"cve": "CVE-2024-50127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched\nswitch / removal caused by \u0027advance_sched()\u0027, and critical section\nprotected by \u0027q-\u003ecurrent_entry_lock\u0027 is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer \u0027rcu_replace_pointer()\u0027 over \u0027rcu_assign_pointer()\u0027 to update\n\u0027admin\u0027 immediately before an attempt to schedule freeing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50127",
"url": "https://www.suse.com/security/cve/CVE-2024-50127"
},
{
"category": "external",
"summary": "SUSE Bug 1232907 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "external",
"summary": "SUSE Bug 1232908 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T14:03:45Z",
"details": "important"
}
],
"title": "CVE-2024-50127"
},
{
"cve": "CVE-2024-50279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50279",
"url": "https://www.suse.com/security/cve/CVE-2024-50279"
},
{
"category": "external",
"summary": "SUSE Bug 1233468 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "external",
"summary": "SUSE Bug 1233708 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T14:03:45Z",
"details": "important"
}
],
"title": "CVE-2024-50279"
},
{
"cve": "CVE-2024-50301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------\u003e+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50301",
"url": "https://www.suse.com/security/cve/CVE-2024-50301"
},
{
"category": "external",
"summary": "SUSE Bug 1233490 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "external",
"summary": "SUSE Bug 1233680 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T14:03:45Z",
"details": "important"
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-56601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56601",
"url": "https://www.suse.com/security/cve/CVE-2024-56601"
},
{
"category": "external",
"summary": "SUSE Bug 1235230 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "external",
"summary": "SUSE Bug 1235231 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T14:03:45Z",
"details": "important"
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-11-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T14:03:45Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
}
]
}
SUSE-SU-2025:02138-1
Vulnerability from csaf_suse - Published: 2025-06-26 15:34 - Updated: 2025-06-26 15:34
Summary
Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.
The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
Patchnames: SUSE-2025-2138,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2138
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2138,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2138",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02138-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02138-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502138-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02138-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040496.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235231",
"url": "https://bugzilla.suse.com/1235231"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56601/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-06-26T15:34:35Z",
"generator": {
"date": "2025-06-26T15:34:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02138-1",
"initial_release_date": "2025-06-26T15:34:35Z",
"revision_history": [
{
"date": "2025-06-26T15:34:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_188-preempt-6-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_188-preempt-6-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_188-preempt-6-150300.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T15:34:35Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
},
{
"cve": "CVE-2024-56601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56601",
"url": "https://www.suse.com/security/cve/CVE-2024-56601"
},
{
"category": "external",
"summary": "SUSE Bug 1235230 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "external",
"summary": "SUSE Bug 1235231 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_188-default-6-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T15:34:35Z",
"details": "important"
}
],
"title": "CVE-2024-56601"
}
]
}
SUSE-SU-2025:02139-1
Vulnerability from csaf_suse - Published: 2025-06-26 16:03 - Updated: 2025-06-26 16:03
Summary
Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues.
The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227903).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
Patchnames: SUSE-2025-2139,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2139
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).\n- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).\n- CVE-2024-40937: gve: Clear napi-\u003eskb before dev_kfree_skb_any() (bsc#1227903).\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2139,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2139",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02139-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02139-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502139-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02139-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040518.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227903",
"url": "https://bugzilla.suse.com/1227903"
},
{
"category": "self",
"summary": "SUSE Bug 1232908",
"url": "https://bugzilla.suse.com/1232908"
},
{
"category": "self",
"summary": "SUSE Bug 1232929",
"url": "https://bugzilla.suse.com/1232929"
},
{
"category": "self",
"summary": "SUSE Bug 1233680",
"url": "https://bugzilla.suse.com/1233680"
},
{
"category": "self",
"summary": "SUSE Bug 1233708",
"url": "https://bugzilla.suse.com/1233708"
},
{
"category": "self",
"summary": "SUSE Bug 1235062",
"url": "https://bugzilla.suse.com/1235062"
},
{
"category": "self",
"summary": "SUSE Bug 1235231",
"url": "https://bugzilla.suse.com/1235231"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40937 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-06-26T16:03:55Z",
"generator": {
"date": "2025-06-26T16:03:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02139-1",
"initial_release_date": "2025-06-26T16:03:55Z",
"revision_history": [
{
"date": "2025-06-26T16:03:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_161-preempt-19-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_161-preempt-19-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_161-preempt-19-150300.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:03:55Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
},
{
"cve": "CVE-2024-40937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Clear napi-\u003eskb before dev_kfree_skb_any()\n\ngve_rx_free_skb incorrectly leaves napi-\u003eskb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\n\nFix this by clearing napi-\u003eskb before the skb is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40937",
"url": "https://www.suse.com/security/cve/CVE-2024-40937"
},
{
"category": "external",
"summary": "SUSE Bug 1227836 for CVE-2024-40937",
"url": "https://bugzilla.suse.com/1227836"
},
{
"category": "external",
"summary": "SUSE Bug 1227903 for CVE-2024-40937",
"url": "https://bugzilla.suse.com/1227903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:03:55Z",
"details": "important"
}
],
"title": "CVE-2024-40937"
},
{
"cve": "CVE-2024-50125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\nsco_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50125",
"url": "https://www.suse.com/security/cve/CVE-2024-50125"
},
{
"category": "external",
"summary": "SUSE Bug 1232928 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "external",
"summary": "SUSE Bug 1232929 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:03:55Z",
"details": "important"
}
],
"title": "CVE-2024-50125"
},
{
"cve": "CVE-2024-50127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched\nswitch / removal caused by \u0027advance_sched()\u0027, and critical section\nprotected by \u0027q-\u003ecurrent_entry_lock\u0027 is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer \u0027rcu_replace_pointer()\u0027 over \u0027rcu_assign_pointer()\u0027 to update\n\u0027admin\u0027 immediately before an attempt to schedule freeing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50127",
"url": "https://www.suse.com/security/cve/CVE-2024-50127"
},
{
"category": "external",
"summary": "SUSE Bug 1232907 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "external",
"summary": "SUSE Bug 1232908 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:03:55Z",
"details": "important"
}
],
"title": "CVE-2024-50127"
},
{
"cve": "CVE-2024-50279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50279",
"url": "https://www.suse.com/security/cve/CVE-2024-50279"
},
{
"category": "external",
"summary": "SUSE Bug 1233468 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "external",
"summary": "SUSE Bug 1233708 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:03:55Z",
"details": "important"
}
],
"title": "CVE-2024-50279"
},
{
"cve": "CVE-2024-50301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------\u003e+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50301",
"url": "https://www.suse.com/security/cve/CVE-2024-50301"
},
{
"category": "external",
"summary": "SUSE Bug 1233490 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "external",
"summary": "SUSE Bug 1233680 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:03:55Z",
"details": "important"
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-56601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56601",
"url": "https://www.suse.com/security/cve/CVE-2024-56601"
},
{
"category": "external",
"summary": "SUSE Bug 1235230 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "external",
"summary": "SUSE Bug 1235231 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:03:55Z",
"details": "important"
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-19-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:03:55Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
}
]
}
SUSE-SU-2025:02140-1
Vulnerability from csaf_suse - Published: 2025-06-26 16:33 - Updated: 2025-06-26 16:33
Summary
Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_182 fixes several issues.
The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
Patchnames: SUSE-2025-2140,SUSE-2025-2141,SUSE-2025-2143,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2140
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64 | — | Vendor Fix | |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64 | — | Vendor Fix | |
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64 | — | Vendor Fix | |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64 | — | Vendor Fix | |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64 | — | Vendor Fix | |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64 | — | Vendor Fix | |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64 | — | Vendor Fix | |
Threats
Impact
important
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_182 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).\n- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).\n- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2140,SUSE-2025-2141,SUSE-2025-2143,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2140",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02140-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02140-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502140-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02140-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040517.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232908",
"url": "https://bugzilla.suse.com/1232908"
},
{
"category": "self",
"summary": "SUSE Bug 1232929",
"url": "https://bugzilla.suse.com/1232929"
},
{
"category": "self",
"summary": "SUSE Bug 1233680",
"url": "https://bugzilla.suse.com/1233680"
},
{
"category": "self",
"summary": "SUSE Bug 1233708",
"url": "https://bugzilla.suse.com/1233708"
},
{
"category": "self",
"summary": "SUSE Bug 1235062",
"url": "https://bugzilla.suse.com/1235062"
},
{
"category": "self",
"summary": "SUSE Bug 1235231",
"url": "https://bugzilla.suse.com/1235231"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-06-26T16:33:38Z",
"generator": {
"date": "2025-06-26T16:33:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02140-1",
"initial_release_date": "2025-06-26T16:33:38Z",
"revision_history": [
{
"date": "2025-06-26T16:33:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_182-preempt-9-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_182-preempt-9-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_182-preempt-9-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_170-default-13-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_170-preempt-13-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_170-preempt-13-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_170-preempt-13-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_174-default-12-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_174-preempt-12-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_174-preempt-12-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_174-preempt-12-150300.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
},
{
"cve": "CVE-2024-50125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\nsco_sk_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50125",
"url": "https://www.suse.com/security/cve/CVE-2024-50125"
},
{
"category": "external",
"summary": "SUSE Bug 1232928 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232928"
},
{
"category": "external",
"summary": "SUSE Bug 1232929 for CVE-2024-50125",
"url": "https://bugzilla.suse.com/1232929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2024-50125"
},
{
"cve": "CVE-2024-50127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched\nswitch / removal caused by \u0027advance_sched()\u0027, and critical section\nprotected by \u0027q-\u003ecurrent_entry_lock\u0027 is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer \u0027rcu_replace_pointer()\u0027 over \u0027rcu_assign_pointer()\u0027 to update\n\u0027admin\u0027 immediately before an attempt to schedule freeing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50127",
"url": "https://www.suse.com/security/cve/CVE-2024-50127"
},
{
"category": "external",
"summary": "SUSE Bug 1232907 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232907"
},
{
"category": "external",
"summary": "SUSE Bug 1232908 for CVE-2024-50127",
"url": "https://bugzilla.suse.com/1232908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2024-50127"
},
{
"cve": "CVE-2024-50279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50279",
"url": "https://www.suse.com/security/cve/CVE-2024-50279"
},
{
"category": "external",
"summary": "SUSE Bug 1233468 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233468"
},
{
"category": "external",
"summary": "SUSE Bug 1233708 for CVE-2024-50279",
"url": "https://bugzilla.suse.com/1233708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2024-50279"
},
{
"cve": "CVE-2024-50301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern \u00270xxxxxxxe6\u0027.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. 
When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------\u003e+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50301",
"url": "https://www.suse.com/security/cve/CVE-2024-50301"
},
{
"category": "external",
"summary": "SUSE Bug 1233490 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233490"
},
{
"category": "external",
"summary": "SUSE Bug 1233680 for CVE-2024-50301",
"url": "https://bugzilla.suse.com/1233680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-56601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56601",
"url": "https://www.suse.com/security/cve/CVE-2024-56601"
},
{
"category": "external",
"summary": "SUSE Bug 1235230 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "external",
"summary": "SUSE Bug 1235231 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-9-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-26T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
}
]
}
SUSE-SU-2025:02145-1
Vulnerability from csaf_suse - Published: 2025-06-27 04:04 - Updated: 2025-06-27 04:04
Summary
Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.
The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
Patchnames: SUSE-2025-2145,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2145
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2145,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2145",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02145-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02145-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502145-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02145-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040520.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235062",
"url": "https://bugzilla.suse.com/1235062"
},
{
"category": "self",
"summary": "SUSE Bug 1235231",
"url": "https://bugzilla.suse.com/1235231"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-06-27T04:04:00Z",
"generator": {
"date": "2025-06-27T04:04:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02145-1",
"initial_release_date": "2025-06-27T04:04:00Z",
"revision_history": [
{
"date": "2025-06-27T04:04:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_185-preempt-7-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_185-preempt-7-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_185-preempt-7-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-27T04:04:00Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
},
{
"cve": "CVE-2024-56601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56601",
"url": "https://www.suse.com/security/cve/CVE-2024-56601"
},
{
"category": "external",
"summary": "SUSE Bug 1235230 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235230"
},
{
"category": "external",
"summary": "SUSE Bug 1235231 for CVE-2024-56601",
"url": "https://bugzilla.suse.com/1235231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-27T04:04:00Z",
"details": "important"
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-7-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-27T04:04:00Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
}
]
}
SUSE-SU-2025:02146-1
Vulnerability from csaf_suse - Published: 2025-06-27 04:04 - Updated: 2025-06-27 04:04
Summary
Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_195 fixes one issue.
The following security issue was fixed:
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
Patchnames: SUSE-2025-2146,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2146
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_195 fixes one issue.\n\nThe following security issue was fixed:\n\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2146,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2146",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02146-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02146-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502146-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02146-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040519.html"
},
{
"category": "self",
"summary": "SUSE Bug 1238730",
"url": "https://bugzilla.suse.com/1238730"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-06-27T04:04:07Z",
"generator": {
"date": "2025-06-27T04:04:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02146-1",
"initial_release_date": "2025-06-27T04:04:07Z",
"revision_history": [
{
"date": "2025-06-27T04:04:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_195-preempt-3-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_195-preempt-3-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_195-preempt-3-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_195-default-3-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-27T04:04:07Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
}
]
}
SUSE-SU-2025:0983-1
Vulnerability from csaf_suse - Published: 2025-03-21 17:44 - Updated: 2025-03-21 17:44
Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
Patchnames: SUSE-2025-983,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-983
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.1 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
14 products
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
14 products
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
14 products
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
14 products
Threats
Impact
moderate
Affected products
Recommended
14 products
Threats
Impact
important
Affected products
Recommended
14 products
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
65 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).\n- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).\n- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-983,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-983",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0983-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0983-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0983-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020579.html"
},
{
"category": "self",
"summary": "SUSE Bug 1197331",
"url": "https://bugzilla.suse.com/1197331"
},
{
"category": "self",
"summary": "SUSE Bug 1203769",
"url": "https://bugzilla.suse.com/1203769"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1237768",
"url": "https://bugzilla.suse.com/1237768"
},
{
"category": "self",
"summary": "SUSE Bug 1238271",
"url": "https://bugzilla.suse.com/1238271"
},
{
"category": "self",
"summary": "SUSE Bug 1238272",
"url": "https://bugzilla.suse.com/1238272"
},
{
"category": "self",
"summary": "SUSE Bug 1238454",
"url": "https://bugzilla.suse.com/1238454"
},
{
"category": "self",
"summary": "SUSE Bug 1238705",
"url": "https://bugzilla.suse.com/1238705"
},
{
"category": "self",
"summary": "SUSE Bug 1238729",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47633 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1048 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3303 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49272 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49288 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49291 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49545 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49733 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-21T17:44:17Z",
"generator": {
"date": "2025-03-21T17:44:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0983-1",
"initial_release_date": "2025-03-21T17:44:17Z",
"revision_history": [
{
"date": "2025-03-21T17:44:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-debug-3.0.101-108.180.1.i586",
"product_id": "kernel-debug-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-debug-base-3.0.101-108.180.1.i586",
"product_id": "kernel-debug-base-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-debug-devel-3.0.101-108.180.1.i586",
"product_id": "kernel-debug-devel-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-debug-extra-3.0.101-108.180.1.i586",
"product_id": "kernel-debug-extra-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-debug-hmac-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-debug-hmac-3.0.101-108.180.1.i586",
"product_id": "kernel-debug-hmac-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-default-3.0.101-108.180.1.i586",
"product_id": "kernel-default-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-base-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-default-base-3.0.101-108.180.1.i586",
"product_id": "kernel-default-base-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-default-devel-3.0.101-108.180.1.i586",
"product_id": "kernel-default-devel-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-default-extra-3.0.101-108.180.1.i586",
"product_id": "kernel-default-extra-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-hmac-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-default-hmac-3.0.101-108.180.1.i586",
"product_id": "kernel-default-hmac-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-ec2-3.0.101-108.180.1.i586",
"product_id": "kernel-ec2-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-base-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-ec2-base-3.0.101-108.180.1.i586",
"product_id": "kernel-ec2-base-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-devel-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-ec2-devel-3.0.101-108.180.1.i586",
"product_id": "kernel-ec2-devel-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-extra-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-ec2-extra-3.0.101-108.180.1.i586",
"product_id": "kernel-ec2-extra-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-hmac-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-ec2-hmac-3.0.101-108.180.1.i586",
"product_id": "kernel-ec2-hmac-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-pae-3.0.101-108.180.1.i586",
"product_id": "kernel-pae-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-base-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-pae-base-3.0.101-108.180.1.i586",
"product_id": "kernel-pae-base-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-devel-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-pae-devel-3.0.101-108.180.1.i586",
"product_id": "kernel-pae-devel-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-extra-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-pae-extra-3.0.101-108.180.1.i586",
"product_id": "kernel-pae-extra-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-hmac-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-pae-hmac-3.0.101-108.180.1.i586",
"product_id": "kernel-pae-hmac-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-source-3.0.101-108.180.1.i586",
"product_id": "kernel-source-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.180.1.i586",
"product_id": "kernel-source-vanilla-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-syms-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-syms-3.0.101-108.180.1.i586",
"product_id": "kernel-syms-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-trace-3.0.101-108.180.1.i586",
"product_id": "kernel-trace-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-base-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-trace-base-3.0.101-108.180.1.i586",
"product_id": "kernel-trace-base-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-devel-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-trace-devel-3.0.101-108.180.1.i586",
"product_id": "kernel-trace-devel-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-extra-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-trace-extra-3.0.101-108.180.1.i586",
"product_id": "kernel-trace-extra-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-hmac-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-trace-hmac-3.0.101-108.180.1.i586",
"product_id": "kernel-trace-hmac-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-vanilla-3.0.101-108.180.1.i586",
"product_id": "kernel-vanilla-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-vanilla-base-3.0.101-108.180.1.i586",
"product_id": "kernel-vanilla-base-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-vanilla-devel-3.0.101-108.180.1.i586",
"product_id": "kernel-vanilla-devel-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-hmac-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-vanilla-hmac-3.0.101-108.180.1.i586",
"product_id": "kernel-vanilla-hmac-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-xen-3.0.101-108.180.1.i586",
"product_id": "kernel-xen-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-base-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-xen-base-3.0.101-108.180.1.i586",
"product_id": "kernel-xen-base-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-devel-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-xen-devel-3.0.101-108.180.1.i586",
"product_id": "kernel-xen-devel-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-extra-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-xen-extra-3.0.101-108.180.1.i586",
"product_id": "kernel-xen-extra-3.0.101-108.180.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-hmac-3.0.101-108.180.1.i586",
"product": {
"name": "kernel-xen-hmac-3.0.101-108.180.1.i586",
"product_id": "kernel-xen-hmac-3.0.101-108.180.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.180.1.ia64",
"product": {
"name": "kernel-source-3.0.101-108.180.1.ia64",
"product_id": "kernel-source-3.0.101-108.180.1.ia64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.180.1.ia64",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.180.1.ia64",
"product_id": "kernel-source-vanilla-3.0.101-108.180.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-docs-3.0.101-108.180.1.noarch",
"product": {
"name": "kernel-docs-3.0.101-108.180.1.noarch",
"product_id": "kernel-docs-3.0.101-108.180.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.180.1.ppc",
"product": {
"name": "kernel-source-3.0.101-108.180.1.ppc",
"product_id": "kernel-source-3.0.101-108.180.1.ppc"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.180.1.ppc",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.180.1.ppc",
"product_id": "kernel-source-vanilla-3.0.101-108.180.1.ppc"
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.180.1.ppc64",
"product": {
"name": "kernel-source-3.0.101-108.180.1.ppc64",
"product_id": "kernel-source-3.0.101-108.180.1.ppc64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.180.1.ppc64",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.180.1.ppc64",
"product_id": "kernel-source-vanilla-3.0.101-108.180.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.180.1.s390",
"product": {
"name": "kernel-source-3.0.101-108.180.1.s390",
"product_id": "kernel-source-3.0.101-108.180.1.s390"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.180.1.s390",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.180.1.s390",
"product_id": "kernel-source-vanilla-3.0.101-108.180.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.180.1.s390x",
"product": {
"name": "kernel-source-3.0.101-108.180.1.s390x",
"product_id": "kernel-source-3.0.101-108.180.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.180.1.s390x",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.180.1.s390x",
"product_id": "kernel-source-vanilla-3.0.101-108.180.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-debug-3.0.101-108.180.1.x86_64",
"product_id": "kernel-debug-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-debug-base-3.0.101-108.180.1.x86_64",
"product_id": "kernel-debug-base-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-debug-devel-3.0.101-108.180.1.x86_64",
"product_id": "kernel-debug-devel-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-debug-extra-3.0.101-108.180.1.x86_64",
"product_id": "kernel-debug-extra-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-hmac-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-debug-hmac-3.0.101-108.180.1.x86_64",
"product_id": "kernel-debug-hmac-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-default-3.0.101-108.180.1.x86_64",
"product_id": "kernel-default-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-default-base-3.0.101-108.180.1.x86_64",
"product_id": "kernel-default-base-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-default-devel-3.0.101-108.180.1.x86_64",
"product_id": "kernel-default-devel-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-default-extra-3.0.101-108.180.1.x86_64",
"product_id": "kernel-default-extra-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-hmac-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-default-hmac-3.0.101-108.180.1.x86_64",
"product_id": "kernel-default-hmac-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-ec2-3.0.101-108.180.1.x86_64",
"product_id": "kernel-ec2-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-base-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-ec2-base-3.0.101-108.180.1.x86_64",
"product_id": "kernel-ec2-base-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"product_id": "kernel-ec2-devel-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-extra-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-ec2-extra-3.0.101-108.180.1.x86_64",
"product_id": "kernel-ec2-extra-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-hmac-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-ec2-hmac-3.0.101-108.180.1.x86_64",
"product_id": "kernel-ec2-hmac-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-source-3.0.101-108.180.1.x86_64",
"product_id": "kernel-source-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.180.1.x86_64",
"product_id": "kernel-source-vanilla-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-syms-3.0.101-108.180.1.x86_64",
"product_id": "kernel-syms-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-trace-3.0.101-108.180.1.x86_64",
"product_id": "kernel-trace-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-base-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-trace-base-3.0.101-108.180.1.x86_64",
"product_id": "kernel-trace-base-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-devel-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-trace-devel-3.0.101-108.180.1.x86_64",
"product_id": "kernel-trace-devel-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-extra-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-trace-extra-3.0.101-108.180.1.x86_64",
"product_id": "kernel-trace-extra-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-hmac-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-trace-hmac-3.0.101-108.180.1.x86_64",
"product_id": "kernel-trace-hmac-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-vanilla-3.0.101-108.180.1.x86_64",
"product_id": "kernel-vanilla-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-vanilla-base-3.0.101-108.180.1.x86_64",
"product_id": "kernel-vanilla-base-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-3.0.101-108.180.1.x86_64",
"product_id": "kernel-vanilla-devel-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-hmac-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-vanilla-hmac-3.0.101-108.180.1.x86_64",
"product_id": "kernel-vanilla-hmac-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-xen-3.0.101-108.180.1.x86_64",
"product_id": "kernel-xen-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-base-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-xen-base-3.0.101-108.180.1.x86_64",
"product_id": "kernel-xen-base-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-devel-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-xen-devel-3.0.101-108.180.1.x86_64",
"product_id": "kernel-xen-devel-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-extra-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-xen-extra-3.0.101-108.180.1.x86_64",
"product_id": "kernel-xen-extra-3.0.101-108.180.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-hmac-3.0.101-108.180.1.x86_64",
"product": {
"name": "kernel-xen-hmac-3.0.101-108.180.1.x86_64",
"product_id": "kernel-xen-hmac-3.0.101-108.180.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss-extreme-core:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-default-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-default-base-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-default-devel-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-ec2-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-base-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-ec2-base-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-devel-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-source-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-syms-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-trace-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-trace-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-trace-base-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-trace-base-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-trace-devel-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-trace-devel-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-xen-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-base-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-xen-base-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-devel-3.0.101-108.180.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
},
"product_reference": "kernel-xen-devel-3.0.101-108.180.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111\n\nThe bug was found during fuzzing. Stacktrace locates it in\nath5k_eeprom_convert_pcal_info_5111.\nWhen none of the curve is selected in the loop, idx can go\nup to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.\npd = \u0026chinfo[pier].pd_curves[idx];\n\nThere are many OOB writes using pd later in the code. So I\nadded a sanity check for idx. Checks for other loops involving\nAR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not\nused outside the loops.\n\nThe patch is NOT tested with real device.\n\nThe following is the fuzzing report\n\nBUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\nWrite of size 1 at addr ffff8880174a4d60 by task modprobe/214\n\nCPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1\nCall Trace:\n dump_stack+0x76/0xa0\n print_address_description.constprop.0+0x16/0x200\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n __kasan_report.cold+0x37/0x7c\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n kasan_report+0xe/0x20\n ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]\n ath5k_eeprom_init+0x2513/0x6290 [ath5k]\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? usleep_range+0xb8/0x100\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]\n ath5k_hw_init+0xb60/0x1970 [ath5k]\n ath5k_init_ah+0x6fe/0x2530 [ath5k]\n ? kasprintf+0xa6/0xe0\n ? ath5k_stop+0x140/0x140 [ath5k]\n ? _dev_notice+0xf6/0xf6\n ? apic_timer_interrupt+0xa/0x20\n ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n ? mutex_lock+0x89/0xd0\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n local_pci_probe+0xd3/0x160\n pci_device_probe+0x23f/0x3e0\n ? pci_device_remove+0x280/0x280\n ? pci_device_remove+0x280/0x280\n really_probe+0x209/0x5d0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47633",
"url": "https://www.suse.com/security/cve/CVE-2021-47633"
},
{
"category": "external",
"summary": "SUSE Bug 1237768 for CVE-2021-47633",
"url": "https://bugzilla.suse.com/1237768"
},
{
"category": "external",
"summary": "SUSE Bug 1237769 for CVE-2021-47633",
"url": "https://bugzilla.suse.com/1237769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "important"
}
],
"title": "CVE-2021-47633"
},
{
"cve": "CVE-2022-1048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1048"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1048",
"url": "https://www.suse.com/security/cve/CVE-2022-1048"
},
{
"category": "external",
"summary": "SUSE Bug 1197331 for CVE-2022-1048",
"url": "https://bugzilla.suse.com/1197331"
},
{
"category": "external",
"summary": "SUSE Bug 1197597 for CVE-2022-1048",
"url": "https://bugzilla.suse.com/1197597"
},
{
"category": "external",
"summary": "SUSE Bug 1200041 for CVE-2022-1048",
"url": "https://bugzilla.suse.com/1200041"
},
{
"category": "external",
"summary": "SUSE Bug 1204132 for CVE-2022-1048",
"url": "https://bugzilla.suse.com/1204132"
},
{
"category": "external",
"summary": "SUSE Bug 1212325 for CVE-2022-1048",
"url": "https://bugzilla.suse.com/1212325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "important"
}
],
"title": "CVE-2022-1048"
},
{
"cve": "CVE-2022-3303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3303"
}
],
"notes": [
{
"category": "general",
"text": "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3303",
"url": "https://www.suse.com/security/cve/CVE-2022-3303"
},
{
"category": "external",
"summary": "SUSE Bug 1203769 for CVE-2022-3303",
"url": "https://bugzilla.suse.com/1203769"
},
{
"category": "external",
"summary": "SUSE Bug 1212304 for CVE-2022-3303",
"url": "https://bugzilla.suse.com/1212304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "moderate"
}
],
"title": "CVE-2022-3303"
},
{
"cve": "CVE-2022-49272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock\n\nsyzbot caught a potential deadlock between the PCM\nruntime-\u003ebuffer_mutex and the mm-\u003emmap_lock. It was brought by the\nrecent fix to cover the racy read/write and other ioctls, and in that\ncommit, I overlooked a (hopefully only) corner case that may take the\nrevert lock, namely, the OSS mmap. The OSS mmap operation\nexceptionally allows to re-configure the parameters inside the OSS\nmmap syscall, where mm-\u003emmap_mutex is already held. Meanwhile, the\ncopy_from/to_user calls at read/write operations also take the\nmm-\u003emmap_lock internally, hence it may lead to a AB/BA deadlock.\n\nA similar problem was already seen in the past and we fixed it with a\nrefcount (in commit b248371628aa). The former fix covered only the\ncall paths with OSS read/write and OSS ioctls, while we need to cover\nthe concurrent access via both ALSA and OSS APIs now.\n\nThis patch addresses the problem above by replacing the buffer_mutex\nlock in the read/write operations with a refcount similar as we\u0027ve\nused for OSS. The new field, runtime-\u003ebuffer_accessing, keeps the\nnumber of concurrent read/write operations. Unlike the former\nbuffer_mutex protection, this protects only around the\ncopy_from/to_user() calls; the other codes are basically protected by\nthe PCM stream lock. The refcount can be a negative, meaning blocked\nby the ioctls. If a negative value is seen, the read/write aborts\nwith -EBUSY. In the ioctl side, OTOH, they check this refcount, too,\nand set to a negative value for blocking unless it\u0027s already being\naccessed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49272",
"url": "https://www.suse.com/security/cve/CVE-2022-49272"
},
{
"category": "external",
"summary": "SUSE Bug 1238272 for CVE-2022-49272",
"url": "https://bugzilla.suse.com/1238272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "moderate"
}
],
"title": "CVE-2022-49272"
},
{
"cve": "CVE-2022-49288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent prealloc proc writes\n\nWe have no protection against concurrent PCM buffer preallocation\nchanges via proc files, and it may potentially lead to UAF or some\nweird problem. This patch applies the PCM open_mutex to the proc\nwrite operation for avoiding the racy proc writes and the PCM stream\nopen (and further operations).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49288",
"url": "https://www.suse.com/security/cve/CVE-2022-49288"
},
{
"category": "external",
"summary": "SUSE Bug 1238271 for CVE-2022-49288",
"url": "https://bugzilla.suse.com/1238271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "moderate"
}
],
"title": "CVE-2022-49288"
},
{
"cve": "CVE-2022-49291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent hw_params and hw_free calls\n\nCurrently we have neither proper check nor protection against the\nconcurrent calls of PCM hw_params and hw_free ioctls, which may result\nin a UAF. Since the existing PCM stream lock can\u0027t be used for\nprotecting the whole ioctl operations, we need a new mutex to protect\nthose racy calls.\n\nThis patch introduced a new mutex, runtime-\u003ebuffer_mutex, and applies\nit to both hw_params and hw_free ioctl code paths. Along with it, the\nboth functions are slightly modified (the mmap_count check is moved\ninto the state-check block) for code simplicity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49291",
"url": "https://www.suse.com/security/cve/CVE-2022-49291"
},
{
"category": "external",
"summary": "SUSE Bug 1238705 for CVE-2022-49291",
"url": "https://bugzilla.suse.com/1238705"
},
{
"category": "external",
"summary": "SUSE Bug 1238706 for CVE-2022-49291",
"url": "https://bugzilla.suse.com/1238706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "important"
}
],
"title": "CVE-2022-49291"
},
{
"cve": "CVE-2022-49545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49545",
"url": "https://www.suse.com/security/cve/CVE-2022-49545"
},
{
"category": "external",
"summary": "SUSE Bug 1238729 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238729"
},
{
"category": "external",
"summary": "SUSE Bug 1238730 for CVE-2022-49545",
"url": "https://bugzilla.suse.com/1238730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "important"
}
],
"title": "CVE-2022-49545"
},
{
"cve": "CVE-2022-49733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC\n\nThere is a small race window at snd_pcm_oss_sync() that is called from\nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls\nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex\nfor the rest. When the stream is set up again by another thread\nbetween them, it leads to inconsistency, and may result in unexpected\nresults such as NULL dereference of OSS buffer as a fuzzer spotted\nrecently.\n\nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same\nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49733",
"url": "https://www.suse.com/security/cve/CVE-2022-49733"
},
{
"category": "external",
"summary": "SUSE Bug 1238454 for CVE-2022-49733",
"url": "https://bugzilla.suse.com/1238454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "moderate"
}
],
"title": "CVE-2022-49733"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? 
lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? 
soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n 
do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.180.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.180.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:44:17Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.