{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)","title":"Title of the patch"},{"category":"description","text":"\nThis update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.167 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251983).\n- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1245778).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2025-4233,SUSE-SLE-Module-Live-Patching-15-SP4-2025-4233","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4233-1.json"},{"category":"self","summary":"URL for SUSE-SU-2025:4233-1","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254233-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2025:4233-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-November/023356.html"},{"category":"self","summary":"SUSE Bug 1245778","url":"https://bugzilla.suse.com/1245778"},{"category":"self","summary":"SUSE Bug 1251983","url":"https://bugzilla.suse.com/1251983"},{"category":"self","summary":"SUSE CVE CVE-2023-53673 page","url":"https://www.suse.com/security/cve/CVE-2023-53673/"},{"category":"self","summary":"SUSE CVE CVE-2024-53141 page","url":"https://www.suse.com/security/cve/CVE-2024-53141/"}],"title":"Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)","tracking":{"current_release_date":"2025-11-25T14:33:49Z","generator":{"date":"2025-11-25T14:33:49Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2025:4233-1","initial_release_date":"2025-11-25T14:33:49Z","revision_history":[{"date":"2025-11-25T14:33:49Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","product":{"name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","product_id":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","product":{"name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","product_id":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64","product":{"name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64","product_id":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 15 SP4","product":{"name":"SUSE Linux Enterprise Live Patching 15 SP4","product_id":"SUSE Linux Enterprise Live Patching 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-live-patching:15:sp4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4","product_id":"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le"},"product_reference":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4","product_id":"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x"},"product_reference":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4","product_id":"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64"},"product_reference":"kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP4"}]},"vulnerabilities":[{"cve":"CVE-2023-53673","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-53673"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -> 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... <no iso_* activity on sk/conn> ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G            E      6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-53673","url":"https://www.suse.com/security/cve/CVE-2023-53673"},{"category":"external","summary":"SUSE Bug 1251763 for CVE-2023-53673","url":"https://bugzilla.suse.com/1251763"},{"category":"external","summary":"SUSE Bug 1251983 for CVE-2023-53673","url":"https://bugzilla.suse.com/1251983"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-11-25T14:33:49Z","details":"important"}],"title":"CVE-2023-53673"},{"cve":"CVE-2024-53141","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-53141"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: add missing range check in bitmap_ip_uadt\n\nWhen tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,\nthe values of ip and ip_to are slightly swapped. Therefore, the range check\nfor ip should be done later, but this part is missing and it seems that the\nvulnerability occurs.\n\nSo we should add missing range checks and remove unnecessary range checks.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-53141","url":"https://www.suse.com/security/cve/CVE-2024-53141"},{"category":"external","summary":"SUSE Bug 1234381 for CVE-2024-53141","url":"https://bugzilla.suse.com/1234381"},{"category":"external","summary":"SUSE Bug 1245778 for CVE-2024-53141","url":"https://bugzilla.suse.com/1245778"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_167-default-9-150400.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-11-25T14:33:49Z","details":"important"}],"title":"CVE-2024-53141"}]}