Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0184-1 Final 1 1 2025-01-18T02:04:20Z current 2025-01-18T02:04:20Z 2025-01-18T02:04:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6) This update for the Linux Kernel 6.4.0-150600_23_25 fixes one issue. The following security issue was fixed: - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-184,SUSE-2025-189,SUSE-2025-190,SUSE-SLE-Module-Live-Patching-15-SP3-2025-184,SUSE-SLE-Module-Live-Patching-15-SP4-2025-190,SUSE-SLE-Module-Live-Patching-15-SP6-2025-189 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250184-1/ Link for SUSE-SU-2025:0184-1 https://lists.suse.com/pipermail/sle-security-updates/2025-January/020172.html E-Mail link for SUSE-SU-2025:0184-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233712 SUSE Bug 1233712 https://www.suse.com/security/cve/CVE-2024-50264/ SUSE CVE CVE-2024-50264 page SUSE Linux Enterprise Live Patching 15 SP3 SUSE Linux Enterprise Live Patching 15 SP4 SUSE Linux Enterprise Live Patching 15 SP6 kernel-livepatch-5_3_18-150300_59_182-default-2-150300.7.6.1 kernel-livepatch-5_3_18-150300_59_182-preempt-2-150300.7.6.1 kernel-livepatch-6_4_0-150600_23_25-default-2-150600.13.6.1 kernel-livepatch-5_14_21-150400_24_141-default-2-150400.9.8.1 kernel-livepatch-5_3_18-150300_59_182-default-2-150300.7.6.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_14_21-150400_24_141-default-2-150400.9.8.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-6_4_0-150600_23_25-default-2-150600.13.6.1 as a component of SUSE Linux Enterprise Live Patching 15 SP6 In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. CVE-2024-50264 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_182-default-2-150300.7.6.1 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_141-default-2-150400.9.8.1 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_25-default-2-150600.13.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250184-1/ https://www.suse.com/security/cve/CVE-2024-50264.html CVE-2024-50264 https://bugzilla.suse.com/1233453 SUSE Bug 1233453 https://bugzilla.suse.com/1233712 SUSE Bug 1233712