Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0229-1 Final 1 1 2025-01-24T10:10:25Z current 2025-01-24T10:10:25Z 2025-01-24T10:10:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694). - CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558). - CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827). - CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971). - CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (bsc#1234282). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037). - CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039). - CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295). - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes). - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes). - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes). - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes). - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes). - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - autofs: use flexible array in ioctl structure (git-fixes). - devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422). - devlink: do not require setting features before registration (bsc#1231388 bsc#1230422). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - Documentation: Add x86/amd_hsmp driver (jsc#PED-1295). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth - kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639). - KVM: x86: fix sending PV IPI (git-fixes). - memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120). - mmc: core: Further prevent card detect during shutdown (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - ocfs2: uncache inode which has failed entering the group (bsc#1234087). - PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763). - platform/x86: Add AMD system management interface (jsc#PED-1295). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: tegra: Improve required rate calculation (jsc#PED-1763). - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - regmap: detach regmap from dev on regmap_exit (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - serial: tegra: Read DMA status before terminating (jsc#PED-1763). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) (bsc#1233642). - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - SUNRPC: make sure cache entry active before cache_show (git-fixes). - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes). - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - udf: Handle error when adding extent to a file (bsc#1234437). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - zonefs: fix zone report size in __zonefs_io_error() (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro/rt-5.5:latest-2025-229,SUSE-2025-229,SUSE-SLE-Micro-5.5-2025-229 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ Link for SUSE-SU-2025:0229-1 https://lists.suse.com/pipermail/sle-security-updates/2025-January/020194.html E-Mail link for SUSE-SU-2025:0229-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1135481 SUSE Bug 1135481 https://bugzilla.suse.com/1170891 SUSE Bug 1170891 https://bugzilla.suse.com/1171420 SUSE Bug 1171420 https://bugzilla.suse.com/1173139 SUSE Bug 1173139 https://bugzilla.suse.com/1175543 SUSE Bug 1175543 https://bugzilla.suse.com/1181006 SUSE Bug 1181006 https://bugzilla.suse.com/1185010 SUSE Bug 1185010 https://bugzilla.suse.com/1187211 SUSE Bug 1187211 https://bugzilla.suse.com/1187619 SUSE Bug 1187619 https://bugzilla.suse.com/1188412 SUSE Bug 1188412 https://bugzilla.suse.com/1188616 SUSE Bug 1188616 https://bugzilla.suse.com/1188700 SUSE Bug 1188700 https://bugzilla.suse.com/1188983 SUSE Bug 1188983 https://bugzilla.suse.com/1188985 SUSE Bug 1188985 https://bugzilla.suse.com/1189760 SUSE Bug 1189760 https://bugzilla.suse.com/1189762 SUSE Bug 1189762 https://bugzilla.suse.com/1189870 SUSE Bug 1189870 https://bugzilla.suse.com/1189872 SUSE Bug 1189872 https://bugzilla.suse.com/1190117 SUSE Bug 1190117 https://bugzilla.suse.com/1190131 SUSE Bug 1190131 https://bugzilla.suse.com/1190181 SUSE Bug 1190181 https://bugzilla.suse.com/1190358 SUSE Bug 1190358 https://bugzilla.suse.com/1190412 SUSE Bug 1190412 https://bugzilla.suse.com/1190428 SUSE Bug 1190428 https://bugzilla.suse.com/1203332 SUSE Bug 1203332 https://bugzilla.suse.com/1205521 SUSE Bug 1205521 https://bugzilla.suse.com/1209288 SUSE Bug 1209288 https://bugzilla.suse.com/1209798 SUSE Bug 1209798 https://bugzilla.suse.com/1211593 SUSE Bug 1211593 https://bugzilla.suse.com/1211595 SUSE Bug 1211595 https://bugzilla.suse.com/1215304 SUSE Bug 1215304 https://bugzilla.suse.com/1216813 SUSE Bug 1216813 https://bugzilla.suse.com/1216909 SUSE Bug 1216909 https://bugzilla.suse.com/1219608 SUSE Bug 1219608 https://bugzilla.suse.com/1222878 SUSE Bug 1222878 https://bugzilla.suse.com/1223044 SUSE Bug 1223044 https://bugzilla.suse.com/1225758 SUSE Bug 1225758 https://bugzilla.suse.com/1225820 SUSE Bug 1225820 https://bugzilla.suse.com/1226694 SUSE Bug 1226694 https://bugzilla.suse.com/1228190 SUSE Bug 1228190 https://bugzilla.suse.com/1229809 SUSE Bug 1229809 https://bugzilla.suse.com/1230422 SUSE Bug 1230422 https://bugzilla.suse.com/1230697 SUSE Bug 1230697 https://bugzilla.suse.com/1231388 SUSE Bug 1231388 https://bugzilla.suse.com/1231453 SUSE Bug 1231453 https://bugzilla.suse.com/1231854 SUSE Bug 1231854 https://bugzilla.suse.com/1232045 SUSE Bug 1232045 https://bugzilla.suse.com/1232157 SUSE Bug 1232157 https://bugzilla.suse.com/1232166 SUSE Bug 1232166 https://bugzilla.suse.com/1232419 SUSE Bug 1232419 https://bugzilla.suse.com/1232436 SUSE Bug 1232436 https://bugzilla.suse.com/1232472 SUSE Bug 1232472 https://bugzilla.suse.com/1232823 SUSE Bug 1232823 https://bugzilla.suse.com/1233038 SUSE Bug 1233038 https://bugzilla.suse.com/1233050 SUSE Bug 1233050 https://bugzilla.suse.com/1233070 SUSE Bug 1233070 https://bugzilla.suse.com/1233096 SUSE Bug 1233096 https://bugzilla.suse.com/1233127 SUSE Bug 1233127 https://bugzilla.suse.com/1233200 SUSE Bug 1233200 https://bugzilla.suse.com/1233239 SUSE Bug 1233239 https://bugzilla.suse.com/1233324 SUSE Bug 1233324 https://bugzilla.suse.com/1233467 SUSE Bug 1233467 https://bugzilla.suse.com/1233468 SUSE Bug 1233468 https://bugzilla.suse.com/1233469 SUSE Bug 1233469 https://bugzilla.suse.com/1233485 SUSE Bug 1233485 https://bugzilla.suse.com/1233547 SUSE Bug 1233547 https://bugzilla.suse.com/1233550 SUSE Bug 1233550 https://bugzilla.suse.com/1233558 SUSE Bug 1233558 https://bugzilla.suse.com/1233564 SUSE Bug 1233564 https://bugzilla.suse.com/1233568 SUSE Bug 1233568 https://bugzilla.suse.com/1233637 SUSE Bug 1233637 https://bugzilla.suse.com/1233701 SUSE Bug 1233701 https://bugzilla.suse.com/1233769 SUSE Bug 1233769 https://bugzilla.suse.com/1233837 SUSE Bug 1233837 https://bugzilla.suse.com/1234072 SUSE Bug 1234072 https://bugzilla.suse.com/1234073 SUSE Bug 1234073 https://bugzilla.suse.com/1234075 SUSE Bug 1234075 https://bugzilla.suse.com/1234076 SUSE Bug 1234076 https://bugzilla.suse.com/1234077 SUSE Bug 1234077 https://bugzilla.suse.com/1234087 SUSE Bug 1234087 https://bugzilla.suse.com/1234120 SUSE Bug 1234120 https://bugzilla.suse.com/1234156 SUSE Bug 1234156 https://bugzilla.suse.com/1234219 SUSE Bug 1234219 https://bugzilla.suse.com/1234220 SUSE Bug 1234220 https://bugzilla.suse.com/1234240 SUSE Bug 1234240 https://bugzilla.suse.com/1234241 SUSE Bug 1234241 https://bugzilla.suse.com/1234281 SUSE Bug 1234281 https://bugzilla.suse.com/1234282 SUSE Bug 1234282 https://bugzilla.suse.com/1234294 SUSE Bug 1234294 https://bugzilla.suse.com/1234338 SUSE Bug 1234338 https://bugzilla.suse.com/1234357 SUSE Bug 1234357 https://bugzilla.suse.com/1234437 SUSE Bug 1234437 https://bugzilla.suse.com/1234464 SUSE Bug 1234464 https://bugzilla.suse.com/1234605 SUSE Bug 1234605 https://bugzilla.suse.com/1234639 SUSE Bug 1234639 https://bugzilla.suse.com/1234650 SUSE Bug 1234650 https://bugzilla.suse.com/1234727 SUSE Bug 1234727 https://bugzilla.suse.com/1234811 SUSE Bug 1234811 https://bugzilla.suse.com/1234827 SUSE Bug 1234827 https://bugzilla.suse.com/1234834 SUSE Bug 1234834 https://bugzilla.suse.com/1234843 SUSE Bug 1234843 https://bugzilla.suse.com/1234846 SUSE Bug 1234846 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1234856 SUSE Bug 1234856 https://bugzilla.suse.com/1234891 SUSE Bug 1234891 https://bugzilla.suse.com/1234912 SUSE Bug 1234912 https://bugzilla.suse.com/1234920 SUSE Bug 1234920 https://bugzilla.suse.com/1234921 SUSE Bug 1234921 https://bugzilla.suse.com/1234960 SUSE Bug 1234960 https://bugzilla.suse.com/1234963 SUSE Bug 1234963 https://bugzilla.suse.com/1234971 SUSE Bug 1234971 https://bugzilla.suse.com/1234973 SUSE Bug 1234973 https://bugzilla.suse.com/1235004 SUSE Bug 1235004 https://bugzilla.suse.com/1235035 SUSE Bug 1235035 https://bugzilla.suse.com/1235037 SUSE Bug 1235037 https://bugzilla.suse.com/1235039 SUSE Bug 1235039 https://bugzilla.suse.com/1235054 SUSE Bug 1235054 https://bugzilla.suse.com/1235056 SUSE Bug 1235056 https://bugzilla.suse.com/1235061 SUSE Bug 1235061 https://bugzilla.suse.com/1235073 SUSE Bug 1235073 https://bugzilla.suse.com/1235220 SUSE Bug 1235220 https://bugzilla.suse.com/1235224 SUSE Bug 1235224 https://bugzilla.suse.com/1235246 SUSE Bug 1235246 https://bugzilla.suse.com/1235507 SUSE Bug 1235507 https://www.suse.com/security/cve/CVE-2020-12770/ SUSE CVE CVE-2020-12770 page https://www.suse.com/security/cve/CVE-2021-34556/ SUSE CVE CVE-2021-34556 page https://www.suse.com/security/cve/CVE-2021-35477/ SUSE CVE CVE-2021-35477 page https://www.suse.com/security/cve/CVE-2021-38160/ SUSE CVE CVE-2021-38160 page https://www.suse.com/security/cve/CVE-2021-47202/ SUSE CVE CVE-2021-47202 page https://www.suse.com/security/cve/CVE-2022-36280/ SUSE CVE CVE-2022-36280 page https://www.suse.com/security/cve/CVE-2022-48742/ SUSE CVE CVE-2022-48742 page https://www.suse.com/security/cve/CVE-2022-49033/ SUSE CVE CVE-2022-49033 page https://www.suse.com/security/cve/CVE-2022-49035/ SUSE CVE CVE-2022-49035 page https://www.suse.com/security/cve/CVE-2023-1382/ SUSE CVE CVE-2023-1382 page https://www.suse.com/security/cve/CVE-2023-33951/ SUSE CVE CVE-2023-33951 page https://www.suse.com/security/cve/CVE-2023-33952/ SUSE CVE CVE-2023-33952 page https://www.suse.com/security/cve/CVE-2023-52920/ SUSE CVE CVE-2023-52920 page https://www.suse.com/security/cve/CVE-2024-24860/ SUSE CVE CVE-2024-24860 page https://www.suse.com/security/cve/CVE-2024-26886/ SUSE CVE CVE-2024-26886 page https://www.suse.com/security/cve/CVE-2024-26924/ SUSE CVE CVE-2024-26924 page https://www.suse.com/security/cve/CVE-2024-36915/ SUSE CVE CVE-2024-36915 page https://www.suse.com/security/cve/CVE-2024-42232/ SUSE CVE CVE-2024-42232 page https://www.suse.com/security/cve/CVE-2024-44934/ SUSE CVE CVE-2024-44934 page https://www.suse.com/security/cve/CVE-2024-47666/ SUSE CVE CVE-2024-47666 page https://www.suse.com/security/cve/CVE-2024-47678/ SUSE CVE CVE-2024-47678 page https://www.suse.com/security/cve/CVE-2024-49944/ SUSE CVE CVE-2024-49944 page https://www.suse.com/security/cve/CVE-2024-49952/ SUSE CVE CVE-2024-49952 page https://www.suse.com/security/cve/CVE-2024-50018/ SUSE CVE CVE-2024-50018 page https://www.suse.com/security/cve/CVE-2024-50143/ SUSE CVE CVE-2024-50143 page https://www.suse.com/security/cve/CVE-2024-50154/ SUSE CVE CVE-2024-50154 page https://www.suse.com/security/cve/CVE-2024-50166/ SUSE CVE CVE-2024-50166 page https://www.suse.com/security/cve/CVE-2024-50181/ SUSE CVE CVE-2024-50181 page https://www.suse.com/security/cve/CVE-2024-50202/ SUSE CVE CVE-2024-50202 page https://www.suse.com/security/cve/CVE-2024-50211/ SUSE CVE CVE-2024-50211 page https://www.suse.com/security/cve/CVE-2024-50256/ SUSE CVE CVE-2024-50256 page https://www.suse.com/security/cve/CVE-2024-50262/ SUSE CVE CVE-2024-50262 page https://www.suse.com/security/cve/CVE-2024-50278/ SUSE CVE CVE-2024-50278 page https://www.suse.com/security/cve/CVE-2024-50279/ SUSE CVE CVE-2024-50279 page https://www.suse.com/security/cve/CVE-2024-50280/ SUSE CVE CVE-2024-50280 page https://www.suse.com/security/cve/CVE-2024-50296/ SUSE CVE CVE-2024-50296 page https://www.suse.com/security/cve/CVE-2024-53051/ SUSE CVE CVE-2024-53051 page https://www.suse.com/security/cve/CVE-2024-53055/ SUSE CVE CVE-2024-53055 page https://www.suse.com/security/cve/CVE-2024-53056/ SUSE CVE CVE-2024-53056 page https://www.suse.com/security/cve/CVE-2024-53064/ SUSE CVE CVE-2024-53064 page https://www.suse.com/security/cve/CVE-2024-53072/ SUSE CVE CVE-2024-53072 page https://www.suse.com/security/cve/CVE-2024-53090/ SUSE CVE CVE-2024-53090 page https://www.suse.com/security/cve/CVE-2024-53101/ SUSE CVE CVE-2024-53101 page https://www.suse.com/security/cve/CVE-2024-53113/ SUSE CVE CVE-2024-53113 page https://www.suse.com/security/cve/CVE-2024-53114/ SUSE CVE CVE-2024-53114 page https://www.suse.com/security/cve/CVE-2024-53119/ SUSE CVE CVE-2024-53119 page https://www.suse.com/security/cve/CVE-2024-53120/ SUSE CVE CVE-2024-53120 page https://www.suse.com/security/cve/CVE-2024-53122/ SUSE CVE CVE-2024-53122 page https://www.suse.com/security/cve/CVE-2024-53125/ SUSE CVE CVE-2024-53125 page https://www.suse.com/security/cve/CVE-2024-53130/ SUSE CVE CVE-2024-53130 page https://www.suse.com/security/cve/CVE-2024-53131/ SUSE CVE CVE-2024-53131 page https://www.suse.com/security/cve/CVE-2024-53142/ SUSE CVE CVE-2024-53142 page https://www.suse.com/security/cve/CVE-2024-53146/ SUSE CVE CVE-2024-53146 page https://www.suse.com/security/cve/CVE-2024-53150/ SUSE CVE CVE-2024-53150 page https://www.suse.com/security/cve/CVE-2024-53156/ SUSE CVE CVE-2024-53156 page https://www.suse.com/security/cve/CVE-2024-53157/ SUSE CVE CVE-2024-53157 page https://www.suse.com/security/cve/CVE-2024-53158/ SUSE CVE CVE-2024-53158 page https://www.suse.com/security/cve/CVE-2024-53161/ SUSE CVE CVE-2024-53161 page https://www.suse.com/security/cve/CVE-2024-53162/ SUSE CVE CVE-2024-53162 page https://www.suse.com/security/cve/CVE-2024-53173/ SUSE CVE CVE-2024-53173 page https://www.suse.com/security/cve/CVE-2024-53179/ SUSE CVE CVE-2024-53179 page https://www.suse.com/security/cve/CVE-2024-53206/ SUSE CVE CVE-2024-53206 page https://www.suse.com/security/cve/CVE-2024-53210/ SUSE CVE CVE-2024-53210 page https://www.suse.com/security/cve/CVE-2024-53213/ SUSE CVE CVE-2024-53213 page https://www.suse.com/security/cve/CVE-2024-53214/ SUSE CVE CVE-2024-53214 page https://www.suse.com/security/cve/CVE-2024-53239/ SUSE CVE CVE-2024-53239 page https://www.suse.com/security/cve/CVE-2024-53240/ SUSE CVE CVE-2024-53240 page https://www.suse.com/security/cve/CVE-2024-53241/ SUSE CVE CVE-2024-53241 page https://www.suse.com/security/cve/CVE-2024-56539/ SUSE CVE CVE-2024-56539 page https://www.suse.com/security/cve/CVE-2024-56548/ SUSE CVE CVE-2024-56548 page https://www.suse.com/security/cve/CVE-2024-56549/ SUSE CVE CVE-2024-56549 page https://www.suse.com/security/cve/CVE-2024-56570/ SUSE CVE CVE-2024-56570 page https://www.suse.com/security/cve/CVE-2024-56571/ SUSE CVE CVE-2024-56571 page https://www.suse.com/security/cve/CVE-2024-56575/ SUSE CVE CVE-2024-56575 page https://www.suse.com/security/cve/CVE-2024-56598/ SUSE CVE CVE-2024-56598 page https://www.suse.com/security/cve/CVE-2024-56604/ SUSE CVE CVE-2024-56604 page https://www.suse.com/security/cve/CVE-2024-56605/ SUSE CVE CVE-2024-56605 page https://www.suse.com/security/cve/CVE-2024-56619/ SUSE CVE CVE-2024-56619 page https://www.suse.com/security/cve/CVE-2024-56755/ SUSE CVE CVE-2024-56755 page https://www.suse.com/security/cve/CVE-2024-8805/ SUSE CVE CVE-2024-8805 page Container suse/sle-micro/rt-5.5:latest SUSE Linux Enterprise Micro 5.5 kernel-rt-5.14.21-150500.13.82.1 cluster-md-kmp-rt-5.14.21-150500.13.82.1 dlm-kmp-rt-5.14.21-150500.13.82.1 gfs2-kmp-rt-5.14.21-150500.13.82.1 kernel-devel-rt-5.14.21-150500.13.82.1 kernel-rt-devel-5.14.21-150500.13.82.1 kernel-rt-extra-5.14.21-150500.13.82.1 kernel-rt-livepatch-5.14.21-150500.13.82.1 kernel-rt-livepatch-devel-5.14.21-150500.13.82.1 kernel-rt-optional-5.14.21-150500.13.82.1 kernel-rt-vdso-5.14.21-150500.13.82.1 kernel-rt_debug-5.14.21-150500.13.82.1 kernel-rt_debug-devel-5.14.21-150500.13.82.1 kernel-rt_debug-vdso-5.14.21-150500.13.82.1 kernel-source-rt-5.14.21-150500.13.82.1 kernel-syms-rt-5.14.21-150500.13.82.1 kselftests-kmp-rt-5.14.21-150500.13.82.1 ocfs2-kmp-rt-5.14.21-150500.13.82.1 reiserfs-kmp-rt-5.14.21-150500.13.82.1 kernel-rt-5.14.21-150500.13.82.1 as a component of Container suse/sle-micro/rt-5.5:latest kernel-rt-5.14.21-150500.13.82.1 as a component of SUSE Linux Enterprise Micro 5.5 kernel-source-rt-5.14.21-150500.13.82.1 as a component of SUSE Linux Enterprise Micro 5.5 An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. CVE-2020-12770 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2020-12770.html CVE-2020-12770 https://bugzilla.suse.com/1171420 SUSE Bug 1171420 In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. CVE-2021-34556 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2021-34556.html CVE-2021-34556 https://bugzilla.suse.com/1188983 SUSE Bug 1188983 In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. CVE-2021-35477 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2021-35477.html CVE-2021-35477 https://bugzilla.suse.com/1188985 SUSE Bug 1188985 ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. CVE-2021-38160 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2021-38160.html CVE-2021-38160 https://bugzilla.suse.com/1190117 SUSE Bug 1190117 https://bugzilla.suse.com/1190118 SUSE Bug 1190118 https://bugzilla.suse.com/1196914 SUSE Bug 1196914 In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn't probed yet, an attempt to set trip_point_*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it. console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp ... Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... Call trace: of_thermal_set_trip_temp+0x40/0xc4 trip_point_temp_store+0xc0/0x1dc dev_attr_store+0x38/0x88 sysfs_kf_write+0x64/0xc0 kernfs_fop_write_iter+0x108/0x1d0 vfs_write+0x2f4/0x368 ksys_write+0x7c/0xec __arm64_sys_write+0x20/0x30 el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc do_el0_svc+0x28/0xa0 el0_svc+0x14/0x24 el0_sync_handler+0x88/0xec el0_sync+0x1c0/0x200 While at it, fix the possible NULL pointer dereference in other functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend(). CVE-2021-47202 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2021-47202.html CVE-2021-47202 https://bugzilla.suse.com/1222878 SUSE Bug 1222878 An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). CVE-2022-36280 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2022-36280.html CVE-2022-36280 https://bugzilla.suse.com/1203332 SUSE Bug 1203332 In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free. It is better to clear master_dev and m_ops inside the loop, in case we have to replay it. CVE-2022-48742 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2022-48742.html CVE-2022-48742 https://bugzilla.suse.com/1226694 SUSE Bug 1226694 In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() Syzkaller reported BUG as follows: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 Call Trace: <TASK> dump_stack_lvl+0xcd/0x134 __might_resched.cold+0x222/0x26b kmem_cache_alloc+0x2e7/0x3c0 update_qgroup_limit_item+0xe1/0x390 btrfs_qgroup_inherit+0x147b/0x1ee0 create_subvol+0x4eb/0x1710 btrfs_mksubvol+0xfe5/0x13f0 __btrfs_ioctl_snap_create+0x2b0/0x430 btrfs_ioctl_snap_create_v2+0x25a/0x520 btrfs_ioctl+0x2a1c/0x5ce0 __x64_sys_ioctl+0x193/0x200 do_syscall_64+0x35/0x80 Fix this by calling qgroup_dirty() on @dstqgroup, and update limit item in btrfs_run_qgroups() later outside of the spinlock context. CVE-2022-49033 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2022-49033.html CVE-2022-49033 https://bugzilla.suse.com/1232045 SUSE Bug 1232045 In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. CVE-2022-49035 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2022-49035.html CVE-2022-49035 https://bugzilla.suse.com/1215304 SUSE Bug 1215304 https://bugzilla.suse.com/1235013 SUSE Bug 1235013 A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. CVE-2023-1382 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2023-1382.html CVE-2023-1382 https://bugzilla.suse.com/1209288 SUSE Bug 1209288 A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. CVE-2023-33951 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2023-33951.html CVE-2023-33951 https://bugzilla.suse.com/1211593 SUSE Bug 1211593 https://bugzilla.suse.com/1216527 SUSE Bug 1216527 A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. CVE-2023-33952 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2023-33952.html CVE-2023-33952 https://bugzilla.suse.com/1211595 SUSE Bug 1211595 https://bugzilla.suse.com/1212348 SUSE Bug 1212348 https://bugzilla.suse.com/1216527 SUSE Bug 1216527 In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10 register, or any other register after copying r10 into it *and* potentially adjusting offset. To make this work reliably, we push extra per-instruction flags into instruction history, encoding stack slot index (spi) and stack frame number in extra 10 bit flags we take away from prev_idx in instruction history. We don't touch idx field for maximum performance, as it's checked most frequently during backtracking. This change removes basically the last remaining practical limitation of precision backtracking logic in BPF verifier. It fixes known deficiencies, but also opens up new opportunities to reduce number of verified states, explored in the subsequent patches. There are only three differences in selftests' BPF object files according to veristat, all in the positive direction (less states). File Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF) -------------------------------------- ------------- --------- --------- ------------- ---------- ---------- ------------- test_cls_redirect_dynptr.bpf.linked3.o cls_redirect 2987 2864 -123 (-4.12%) 240 231 -9 (-3.75%) xdp_synproxy_kern.bpf.linked3.o syncookie_tc 82848 82661 -187 (-0.23%) 5107 5073 -34 (-0.67%) xdp_synproxy_kern.bpf.linked3.o syncookie_xdp 85116 84964 -152 (-0.18%) 5162 5130 -32 (-0.62%) Note, I avoided renaming jmp_history to more generic insn_hist to minimize number of lines changed and potential merge conflicts between bpf and bpf-next trees. Notice also cur_hist_entry pointer reset to NULL at the beginning of instruction verification loop. This pointer avoids the problem of relying on last jump history entry's insn_idx to determine whether we already have entry for current instruction or not. It can happen that we added jump history entry because current instruction is_jmp_point(), but also we need to add instruction flags for stack access. In this case, we don't want to entries, so we need to reuse last added entry, if it is present. Relying on insn_idx comparison has the same ambiguity problem as the one that was fixed recently in [0], so we avoid that. [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/ CVE-2023-52920 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2023-52920.html CVE-2023-52920 https://bugzilla.suse.com/1232823 SUSE Bug 1232823 A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. CVE-2024-24860 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-24860.html CVE-2024-24860 https://bugzilla.suse.com/1219608 SUSE Bug 1219608 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace: <TASK> __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> CVE-2024-26886 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-26886.html CVE-2024-26886 https://bugzilla.suse.com/1223044 SUSE Bug 1223044 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms del_elem("0000000X") <---------------- delete one that was just added ... add_elem("00005000") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano) CVE-2024-26924 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-26924.html CVE-2024-26924 https://bugzilla.suse.com/1223387 SUSE Bug 1223387 In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 Read of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078 CPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] copy_from_sockptr include/linux/sockptr.h:55 [inline] nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfd/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7f7fac07fd89 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89 RDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 CVE-2024-36915 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-36915.html CVE-2024-36915 https://bugzilla.suse.com/1225758 SUSE Bug 1225758 In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed CVE-2024-42232 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-42232.html CVE-2024-42232 https://bugzilla.suse.com/1228959 SUSE Bug 1228959 https://bugzilla.suse.com/1229458 SUSE Bug 1229458 In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: wait for previous gc cycles when removing port syzbot hit a use-after-free[1] which is caused because the bridge doesn't make sure that all previous garbage has been collected when removing a port. What happens is: CPU 1 CPU 2 start gc cycle remove port acquire gc lock first wait for lock call br_multicasg_gc() directly acquire lock now but free port the port can be freed while grp timers still running Make sure all previous gc cycles have finished by using flush_work before freeing the port. [1] BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861 Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699 CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861 call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1843 [inline] __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417 __run_timer_base kernel/time/timer.c:2428 [inline] __run_timer_base kernel/time/timer.c:2421 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2437 CVE-2024-44934 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-44934.html CVE-2024-44934 https://bugzilla.suse.com/1229809 SUSE Bug 1229809 In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash. CVE-2024-47666 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-47666.html CVE-2024-47666 https://bugzilla.suse.com/1231453 SUSE Bug 1231453 In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits are not yet consumed. This is deferred to 3) 2) The per destination limit is checked/updated. This might add a new node in inetpeer tree. 3) icmp_global_consume() consumes tokens if prior operations succeeded. This means that host wide ratelimit is still effective in keeping inetpeer tree small even under DDOS. As a bonus, I removed icmp_global.lock as the fast path can use a lock-free operation. CVE-2024-47678 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-47678.html CVE-2024-47678 https://bugzilla.suse.com/1231854 SUSE Bug 1231854 In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Call Trace: <TASK> __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline] CVE-2024-49944 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-49944.html CVE-2024-49944 https://bugzilla.suse.com/1232166 SUSE Bug 1232166 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted by the splat is not enough, we have to disable soft interrupts as well. [1] BUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316 caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87 CPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49 nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87 nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288 nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook+0x2c4/0x450 include/linux/netfilter.h:269 NF_HOOK_COND include/linux/netfilter.h:302 [inline] ip_output+0x185/0x230 net/ipv4/ip_output.c:433 ip_local_out net/ipv4/ip_output.c:129 [inline] ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495 udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981 udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [inline] __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737 __do_sys_sendmmsg net/socket.c:2766 [inline] __se_sys_sendmmsg net/socket.c:2763 [inline] __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4ce4f7def9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9 RDX: 0000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006 RBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68 </TASK> CVE-2024-49952 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-49952.html CVE-2024-49952 https://bugzilla.suse.com/1232157 SUSE Bug 1232157 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-50018 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50018.html CVE-2024-50018 https://bugzilla.suse.com/1232419 SUSE Bug 1232419 In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000 CVE-2024-50143 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50143.html CVE-2024-50143 https://bugzilla.suse.com/1233038 SUSE Bug 1233038 In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tcp_retransmit_synack. The program passes the req->sk to the bpf_sk_storage_get_tracing kernel helper which does check for null before using it. """ The commit 83fccfc3940c ("inet: fix potential deadlock in reqsk_queue_unlink()") added timer_pending() in reqsk_queue_unlink() not to call del_timer_sync() from reqsk_timer_handler(), but it introduced a small race window. Before the timer is called, expire_timers() calls detach_timer(timer, true) to clear timer->entry.pprev and marks it as not pending. If reqsk_queue_unlink() checks timer_pending() just after expire_timers() calls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will continue running and send multiple SYN+ACKs until it expires. The reported UAF could happen if req->sk is close()d earlier than the timer expiration, which is 63s by default. The scenario would be 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(), but del_timer_sync() is missed 2. reqsk timer is executed and scheduled again 3. req->sk is accept()ed and reqsk_put() decrements rsk_refcnt, but reqsk timer still has another one, and inet_csk_accept() does not clear req->sk for non-TFO sockets 4. sk is close()d 5. reqsk timer is executed again, and BPF touches req->sk Let's not use timer_pending() by passing the caller context to __inet_csk_reqsk_queue_drop(). Note that reqsk timer is pinned, so the issue does not happen in most use cases. [1] [0] BUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0 Use-after-free read at 0x00000000a891fb3a (in kfence-#1): bpf_sk_storage_get_tracing+0x2e/0x1b0 bpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda bpf_trace_run2+0x4c/0xc0 tcp_rtx_synack+0xf9/0x100 reqsk_timer_handler+0xda/0x3d0 run_timer_softirq+0x292/0x8a0 irq_exit_rcu+0xf5/0x320 sysvec_apic_timer_interrupt+0x6d/0x80 asm_sysvec_apic_timer_interrupt+0x16/0x20 intel_idle_irq+0x5a/0xa0 cpuidle_enter_state+0x94/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb kfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6 allocated by task 0 on cpu 9 at 260507.901592s: sk_prot_alloc+0x35/0x140 sk_clone_lock+0x1f/0x3f0 inet_csk_clone_lock+0x15/0x160 tcp_create_openreq_child+0x1f/0x410 tcp_v6_syn_recv_sock+0x1da/0x700 tcp_check_req+0x1fb/0x510 tcp_v6_rcv+0x98b/0x1420 ipv6_list_rcv+0x2258/0x26e0 napi_complete_done+0x5b1/0x2990 mlx5e_napi_poll+0x2ae/0x8d0 net_rx_action+0x13e/0x590 irq_exit_rcu+0xf5/0x320 common_interrupt+0x80/0x90 asm_common_interrupt+0x22/0x40 cpuidle_enter_state+0xfb/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb freed by task 0 on cpu 9 at 260507.927527s: rcu_core_si+0x4ff/0xf10 irq_exit_rcu+0xf5/0x320 sysvec_apic_timer_interrupt+0x6d/0x80 asm_sysvec_apic_timer_interrupt+0x16/0x20 cpuidle_enter_state+0xfb/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb CVE-2024-50154 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50154.html CVE-2024-50154 https://bugzilla.suse.com/1233070 SUSE Bug 1233070 https://bugzilla.suse.com/1233072 SUSE Bug 1233072 In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In mac_probe() there are multiple calls to of_find_device_by_node(), fman_bind() and fman_port_bind() which takes references to of_dev->dev. Not all references taken by these calls are released later on error path in mac_probe() and in mac_remove() which lead to reference leaks. Add references release. CVE-2024-50166 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50166.html CVE-2024-50166 https://bugzilla.suse.com/1233050 SUSE Bug 1233050 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-50181 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50181.html CVE-2024-50181 https://bugzilla.suse.com/1233127 SUSE Bug 1233127 In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together. CVE-2024-50202 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50202.html CVE-2024-50202 https://bugzilla.suse.com/1233324 SUSE Bug 1233324 In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now detect errors and bail out early without resorting to checking for particular offsets and assuming internal behavior of these functions. CVE-2024-50211 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50211.html CVE-2024-50211 https://bugzilla.suse.com/1233096 SUSE Bug 1233096 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt later to push an Ethernet header. Use LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c. [1] skbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc900045269b0 EFLAGS: 00010282 RAX: 0000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800 RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000 RBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc R10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140 R13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c FS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 eth_header+0x38/0x1f0 net/ethernet/eth.c:83 dev_hard_header include/linux/netdevice.h:3208 [inline] nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358 nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_bridge_pre net/bridge/br_input.c:277 [inline] br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424 __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562 __netif_receive_skb_one_core net/core/dev.c:5666 [inline] __netif_receive_skb+0x12f/0x650 net/core/dev.c:5781 netif_receive_skb_internal net/core/dev.c:5867 [inline] netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926 tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550 tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007 tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053 new_sync_write fs/read_write.c:590 [inline] vfs_write+0xa6d/0xc90 fs/read_write.c:683 ksys_write+0x183/0x2b0 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fdbeeb7d1ff Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 RSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff RDX: 000000000000008e RSI: 0000000020000040 RDI: 00000000000000c8 RBP: 00007fdbeebf12be R08: 0000000 ---truncated--- CVE-2024-50256 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50256.html CVE-2024-50256 https://bugzilla.suse.com/1233200 SUSE Bug 1233200 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. For example, consider a trie with max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ... 0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with .prefixlen = 8 make 9 nodes be written on the node stack with size 8. CVE-2024-50262 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50262.html CVE-2024-50262 https://bugzilla.suse.com/1233239 SUSE Bug 1233239 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because expanding the fast device requires reloading the cache table for cache_create to allocate new in-core data structures that fit the new size, and the check in cache_preresume is not performed during the first resume, leading to the issue. Reproduce steps: 1. prepare component devices: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct 2. load a cache table of 512 cache blocks, and deliberately expand the fast device before resuming the cache, making the in-core data structures inadequate. dmsetup create cache --notable dmsetup reload cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" dmsetup reload cdata --table "0 131072 linear /dev/sdc 8192" dmsetup resume cdata dmsetup resume cache 3. suspend the cache to write out the in-core dirty bitset and hint array, leading to out-of-bounds access to the dirty bitset at offset 0x40: dmsetup suspend cache KASAN reports: BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80 Read of size 8 at addr ffffc90000085040 by task dmsetup/90 (...snip...) The buggy address belongs to the virtual mapping at [ffffc90000085000, ffffc90000087000) created by: cache_ctr+0x176a/0x35f0 (...snip...) Memory state around the buggy address: ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 Fix by checking the size change on the first resume. CVE-2024-50278 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50278.html CVE-2024-50278 https://bugzilla.suse.com/1233467 SUSE Bug 1233467 https://bugzilla.suse.com/1233709 SUSE Bug 1233709 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds access. Reproduce steps: 1. create a cache device of 1024 cache blocks (128 bytes dirty bitset) dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 131072 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" 2. shrink the fast device to 512 cache blocks, triggering out-of-bounds access to the dirty bitset (offset 0x80) dmsetup suspend cache dmsetup reload cdata --table "0 65536 linear /dev/sdc 8192" dmsetup resume cdata dmsetup resume cache KASAN reports: BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0 Read of size 8 at addr ffffc900000f3080 by task dmsetup/131 (...snip...) The buggy address belongs to the virtual mapping at [ffffc900000f3000, ffffc900000f5000) created by: cache_ctr+0x176a/0x35f0 (...snip...) Memory state around the buggy address: ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 Fix by making the index post-incremented. CVE-2024-50279 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50279.html CVE-2024-50279 https://bugzilla.suse.com/1233468 SUSE Bug 1233468 https://bugzilla.suse.com/1233708 SUSE Bug 1233708 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed. CVE-2024-50280 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50280.html CVE-2024-50280 https://bugzilla.suse.com/1233469 SUSE Bug 1233469 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov(). The num_VFs is checked to determine whether to release the corresponding resources. During the second calling, num_VFs is not 0 and the resource release function is called. However, the corresponding resource has been released during the first invoking. Therefore, the problem occurs: [15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... [15278.131557][T50670] Call trace: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80 [15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_disable+0x50/0x11c [15278.166829][T50670] pci_disable_sriov+0x24/0x30 [15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invoke_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 For details, see the following figure. rmmod hclge disable VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() if !num_VFs : if !num_VFs : return; return; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); In this patch, when driver is removing, we get the device_lock() to protect num_VFs, just like sriov_numvfs_store(). CVE-2024-50296 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-50296.html CVE-2024-50296 https://bugzilla.suse.com/1233485 SUSE Bug 1233485 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-53051 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53051.html CVE-2024-53051 https://bugzilla.suse.com/1233547 SUSE Bug 1233547 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-53055 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53055.html CVE-2024-53055 https://bugzilla.suse.com/1233550 SUSE Bug 1233550 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-53056 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53056.html CVE-2024-53056 https://bugzilla.suse.com/1233568 SUSE Bug 1233568 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-53064 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53064.html CVE-2024-53064 https://bugzilla.suse.com/1233558 SUSE Bug 1233558 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-53072 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53072.html CVE-2024-53072 https://bugzilla.suse.com/1233564 SUSE Bug 1233564 In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref on the afs_call struct in order to pass it to a work queue - but if the afs_call is already queued, we then have an extraneous ref that must be put... calling afs_put_call() may call back down into AF_RXRPC through rxrpc_kernel_shutdown_call(), however, which might try taking the ->notify_lock again. This case isn't very common, however, so defer it to a workqueue. The oops looks something like: BUG: spinlock recursion on CPU#0, krxrpcio/7001/1646 lock: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0 CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 Not tainted 6.12.0-rc2-build3+ #4351 Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 Call Trace: <TASK> dump_stack_lvl+0x47/0x70 do_raw_spin_lock+0x3c/0x90 rxrpc_kernel_shutdown_call+0x83/0xb0 afs_put_call+0xd7/0x180 rxrpc_notify_socket+0xa0/0x190 rxrpc_input_split_jumbo+0x198/0x1d0 rxrpc_input_data+0x14b/0x1e0 ? rxrpc_input_call_packet+0xc2/0x1f0 rxrpc_input_call_event+0xad/0x6b0 rxrpc_input_packet_on_conn+0x1e1/0x210 rxrpc_input_packet+0x3f2/0x4d0 rxrpc_io_thread+0x243/0x410 ? __pfx_rxrpc_io_thread+0x10/0x10 kthread+0xcf/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x24/0x40 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CVE-2024-53090 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53090.html CVE-2024-53090 https://bugzilla.suse.com/1233637 SUSE Bug 1233637 In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initialize all fields of newattrs to avoid uninitialized variables, by checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0. CVE-2024-53101 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53101.html CVE-2024-53101 https://bugzilla.suse.com/1233769 SUSE Bug 1233769 In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be &current->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc fastpath"). To fix it, check NULL pointer for preferred_zoneref->zone. CVE-2024-53113 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53113.html CVE-2024-53113 https://bugzilla.suse.com/1234077 SUSE Bug 1234077 In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. These instructions aren't intended to be advertised on Zen4 client so clear the capability. CVE-2024-53114 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53114.html CVE-2024-53114 https://bugzilla.suse.com/1234072 SUSE Bug 1234072 In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak. vsock_release __vsock_release lock virtio_transport_release virtio_transport_close schedule_delayed_work(close_work) sk_shutdown = SHUTDOWN_MASK (!) flush accept_queue release virtio_transport_recv_pkt vsock_find_bound_socket lock if flag(SOCK_DONE) return virtio_transport_recv_listen child = vsock_create_connected (!) vsock_enqueue_accept(child) release close_work lock virtio_transport_do_close set_flag(SOCK_DONE) virtio_transport_remove_sock vsock_remove_sock vsock_remove_bound release Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction. unreferenced object 0xffff888109e3f800 (size 2040): comm "kworker/5:2", pid 371, jiffies 4294940105 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............ backtrace (crc 9e5f4e84): [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360 [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120 [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0 [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310 [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0 [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140 [<ffffffff810fc6ac>] process_one_work+0x20c/0x570 [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0 [<ffffffff811070dd>] kthread+0xdd/0x110 [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50 [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30 CVE-2024-53119 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53119.html CVE-2024-53119 https://bugzilla.suse.com/1234073 SUSE Bug 1234073 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CVE-2024-53120 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53120.html CVE-2024-53120 https://bugzilla.suse.com/1234075 SUSE Bug 1234075 In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf(). CVE-2024-53122 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53122.html CVE-2024-53122 https://bugzilla.suse.com/1234076 SUSE Bug 1234076 In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: - r0 is marked as not a subreg at (0); - w1 is marked as subreg at (2); - w1 subreg_def is overridden at (3) by copy_register_state(); - w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; - because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); - this random value is read at (5). CVE-2024-53125 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53125.html CVE-2024-53125 https://bugzilla.suse.com/1234156 SUSE Bug 1234156 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the "uptodate" state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->b_bdev, and mark_buffer_dirty() may be called later in that state, resulting in the bug mentioned above. Fix this issue by making nilfs_grab_buffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer's uptodate flag. CVE-2024-53130 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53130.html CVE-2024-53130 https://bugzilla.suse.com/1234219 SUSE Bug 1234219 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller. Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself. CVE-2024-53131 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53131.html CVE-2024-53131 https://bugzilla.suse.com/1234220 SUSE Bug 1234220 In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Length of filename, including final \0 When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability. Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g. ./reproducer.sh | gzip >> /myinitramfs It's easiest to observe non-zero uninitialized memory when the output is gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block. ---- reproducer.sh ---- nilchar="A" # change to "\0" to properly zero terminate / pad magic="070701" ino=1 mode=$(( 0100777 )) uid=0 gid=0 nlink=1 mtime=1 filesize=0 devmajor=0 devminor=1 rdevmajor=0 rdevminor=0 csum=0 fname="initramfs_test_fname_overrun" namelen=$(( ${#fname} + 1 )) # plus one to account for terminator printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \ $magic $ino $mode $uid $gid $nlink $mtime $filesize \ $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) )) printf "%.s${nilchar}" $(seq 1 $termpadlen) ---- reproducer.sh ---- Symlink filename fields handled in do_symlink() won't overrun past the data segment, due to the explicit zero-termination of the symlink target. Fix filename buffer overrun by aborting the initramfs FSM if any cpio entry doesn't carry a zero-terminator at the expected (name_len - 1) offset. CVE-2024-53142 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53142.html CVE-2024-53142 https://bugzilla.suse.com/1232436 SUSE Bug 1232436 In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. CVE-2024-53146 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53146.html CVE-2024-53146 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1234854 SUSE Bug 1234854 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. CVE-2024-53150 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53150.html CVE-2024-53150 https://bugzilla.suse.com/1234834 SUSE Bug 1234834 In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_firmware_work_func Call Trace: <TASK> dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0 ... Since this bug has been confirmed to be caused by insufficient verification of conn_rsp_epid, I think it would be appropriate to add a range check for conn_rsp_epid to htc_connect_service() to prevent the bug from occurring. CVE-2024-53156 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53156.html CVE-2024-53156 https://bugzilla.suse.com/1234846 SUSE Bug 1234846 https://bugzilla.suse.com/1234847 SUSE Bug 1234847 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL). | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 | Mem abort info: | ESR = 0x96000004 | Exception class = DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Data abort info: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Internal error: Oops: 96000004 [#1] SMP | scpi-hwmon: probe of PHYT000D:00 failed with error -110 | Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c) | CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1 | Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS | pstate: 60000005 (nZCv daif -PAN -UAO) | pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | lr : clk_register+0x438/0x720 | Call trace: | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | devm_clk_hw_register+0x50/0xa0 | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi] | scpi_clocks_probe+0x528/0x70c [clk_scpi] | platform_drv_probe+0x58/0xa8 | really_probe+0x260/0x3d0 | driver_probe_device+0x12c/0x148 | device_driver_attach+0x74/0x98 | __driver_attach+0xb4/0xe8 | bus_for_each_dev+0x88/0xe0 | driver_attach+0x30/0x40 | bus_add_driver+0x178/0x2b0 | driver_register+0x64/0x118 | __platform_driver_register+0x54/0x60 | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi] | do_one_initcall+0x54/0x220 | do_init_module+0x54/0x1c8 | load_module+0x14a4/0x1668 | __se_sys_finit_module+0xf8/0x110 | __arm64_sys_finit_module+0x24/0x30 | el0_svc_common+0x78/0x170 | el0_svc_handler+0x38/0x78 | el0_svc+0x8/0x340 | Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) | ---[ end trace 06feb22469d89fa8 ]--- | Kernel panic - not syncing: Fatal exception | SMP: stopping secondary CPUs | Kernel Offset: disabled | CPU features: 0x10,a0002008 | Memory Limit: none CVE-2024-53157 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53157.html CVE-2024-53157 https://bugzilla.suse.com/1234827 SUSE Bug 1234827 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. CVE-2024-53158 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53158.html CVE-2024-53158 https://bugzilla.suse.com/1234811 SUSE Bug 1234811 In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits. CVE-2024-53161 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53161.html CVE-2024-53161 https://bugzilla.suse.com/1234856 SUSE Bug 1234856 In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read. CVE-2024-53162 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53162.html CVE-2024-53162 https://bugzilla.suse.com/1234843 SUSE Bug 1234843 In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed. CVE-2024-53173 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53173.html CVE-2024-53173 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1234891 SUSE Bug 1234891 https://bugzilla.suse.com/1234892 SUSE Bug 1234892 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifs_mount() dfs_mount_share() get_session() cifs_mount_get_session() cifs_send_recv() cifs_get_smb_ses() compound_send_recv() cifs_setup_session() smb2_setup_request() kfree_sensitive() smb2_calc_signature() crypto_shash_setkey() *UAF* Fix this by ensuring that we have a valid @ses->auth_key.response by checking whether @ses->ses_status is SES_GOOD or SES_EXITING with @ses->ses_lock held. After commit 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()"), we made sure to call ->logoff() only when @ses was known to be good (e.g. valid ->auth_key.response), so it's safe to access signing key when @ses->ses_status == SES_EXITING. CVE-2024-53179 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53179.html CVE-2024-53179 https://bugzilla.suse.com/1234921 SUSE Bug 1234921 https://bugzilla.suse.com/1234927 SUSE Bug 1234927 In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put(). CVE-2024-53206 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53206.html CVE-2024-53206 https://bugzilla.suse.com/1234960 SUSE Bug 1234960 In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount (skb->users) and iucv_sock_recvmsg() does not decrement skb refcount at exit. This results in skb memory leak in skb_queue_purge() and WARN_ON in iucv_sock_destruct() during socket close. To fix this decrease skb refcount by one if MSG_PEEK is set in order to prevent memory leak and WARN_ON. WARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv] CPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G W 6.10.0-rc7 #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Call Trace: [<001587c682c4aa98>] iucv_sock_destruct+0x148/0x1a0 [af_iucv] [<001587c682c4a9d0>] iucv_sock_destruct+0x80/0x1a0 [af_iucv] [<001587c704117a32>] __sk_destruct+0x52/0x550 [<001587c704104a54>] __sock_release+0xa4/0x230 [<001587c704104c0c>] sock_close+0x2c/0x40 [<001587c702c5f5a8>] __fput+0x2e8/0x970 [<001587c7024148c4>] task_work_run+0x1c4/0x2c0 [<001587c7023b0716>] do_exit+0x996/0x1050 [<001587c7023b13aa>] do_group_exit+0x13a/0x360 [<001587c7023b1626>] __s390x_sys_exit_group+0x56/0x60 [<001587c7022bccca>] do_syscall+0x27a/0x380 [<001587c7049a6a0c>] __do_syscall+0x9c/0x160 [<001587c7049ce8a8>] system_call+0x70/0x98 Last Breaking-Event-Address: [<001587c682c4a9d4>] iucv_sock_destruct+0x84/0x1a0 [af_iucv] CVE-2024-53210 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53210.html CVE-2024-53210 https://bugzilla.suse.com/1234971 SUSE Bug 1234971 In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation In lan78xx_probe(), the buffer `buf` was being freed twice: once implicitly through `usb_free_urb(dev->urb_intr)` with the `URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused a double free issue. To resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to simplify the initialization sequence and removed the redundant `kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring it is correctly managed by `usb_fill_int_urb()` and freed by `usb_free_urb()` as intended. CVE-2024-53213 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53213.html CVE-2024-53213 https://bugzilla.suse.com/1234973 SUSE Bug 1234973 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability (i.e., capability with ID greater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally chosen to be hidden from the user. Hiding a capability is done by virtualizing and modifying the 'Next Capability Offset' field of the previous capability so it points to the capability after the one that should be hidden. The special case where the first capability in the list should be hidden is handled differently because there is no previous capability that can be modified. In this case, the capability ID and version are zeroed while leaving the next pointer intact. This hides the capability and leaves an anchor for the rest of the capability list. However, today, hiding the first capability in the list is not done properly if the capability is unknown, as struct vfio_pci_core_device->pci_config_map is set to the capability ID during initialization but the capability ID is not properly checked later when used in vfio_config_do_rw(). This leads to the following warning [1] and to an out-of-bounds access to ecap_perms array. Fix it by checking cap_id in vfio_config_do_rw(), and if it is greater than PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct read only access instead of the ecap_perms array. Note that this is safe since the above is the only case where cap_id can exceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which are already checked before). [1] WARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] CPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1 (snip) Call Trace: <TASK> ? show_regs+0x69/0x80 ? __warn+0x8d/0x140 ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] ? report_bug+0x18f/0x1a0 ? handle_bug+0x63/0xa0 ? exc_invalid_op+0x19/0x70 ? asm_exc_invalid_op+0x1b/0x20 ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] ? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core] vfio_pci_rw+0x101/0x1b0 [vfio_pci_core] vfio_pci_core_read+0x1d/0x30 [vfio_pci_core] vfio_device_fops_read+0x27/0x40 [vfio] vfs_read+0xbd/0x340 ? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio] ? __rseq_handle_notify_resume+0xa4/0x4b0 __x64_sys_pread64+0x96/0xc0 x64_sys_call+0x1c3d/0x20d0 do_syscall_64+0x4d/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2024-53214 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53214.html CVE-2024-53214 https://bugzilla.suse.com/1235004 SUSE Bug 1235004 https://bugzilla.suse.com/1235005 SUSE Bug 1235005 In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback. CVE-2024-53239 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53239.html CVE-2024-53239 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1235054 SUSE Bug 1235054 https://bugzilla.suse.com/1235055 SUSE Bug 1235055 In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240. CVE-2024-53240 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53240.html CVE-2024-53240 https://bugzilla.suse.com/1234281 SUSE Bug 1234281 In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241. CVE-2024-53241 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-53241.html CVE-2024-53241 https://bugzilla.suse.com/1234282 SUSE Bug 1234282 In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1) [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex] The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like: ssid_len = user_scan_in->ssid_list[i].ssid_len; [...] memcpy(wildcard_ssid_tlv->ssid, user_scan_in->ssid_list[i].ssid, ssid_len); There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed. CVE-2024-56539 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56539.html CVE-2024-56539 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1234963 SUSE Bug 1234963 https://bugzilla.suse.com/1234964 SUSE Bug 1234964 In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size. Using a new min_io_size initally set to sb_min_blocksize works for the purposes of the original fix, since it will be set to the max between HFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the max between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not initialized. Tested by mounting an hfsplus filesystem with loop block sizes 512, 1024 and 4096. The produced KASAN report before the fix looks like this: [ 419.944641] ================================================================== [ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a [ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678 [ 419.947612] [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84 [ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 419.950035] Call Trace: [ 419.950384] <TASK> [ 419.950676] dump_stack_lvl+0x57/0x78 [ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.951830] print_report+0x14c/0x49e [ 419.952361] ? __virt_addr_valid+0x267/0x278 [ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d [ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.954231] kasan_report+0x89/0xb0 [ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.955367] hfsplus_read_wrapper+0x659/0xa0a [ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 [ 419.957214] ? _raw_spin_unlock+0x1a/0x2e [ 419.957772] hfsplus_fill_super+0x348/0x1590 [ 419.958355] ? hlock_class+0x4c/0x109 [ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.959499] ? __pfx_string+0x10/0x10 [ 419.960006] ? lock_acquire+0x3e2/0x454 [ 419.960532] ? bdev_name.constprop.0+0xce/0x243 [ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 [ 419.961799] ? pointer+0x3f0/0x62f [ 419.962277] ? __pfx_pointer+0x10/0x10 [ 419.962761] ? vsnprintf+0x6c4/0xfba [ 419.963178] ? __pfx_vsnprintf+0x10/0x10 [ 419.963621] ? setup_bdev_super+0x376/0x3b3 [ 419.964029] ? snprintf+0x9d/0xd2 [ 419.964344] ? __pfx_snprintf+0x10/0x10 [ 419.964675] ? lock_acquired+0x45c/0x5e9 [ 419.965016] ? set_blocksize+0x139/0x1c1 [ 419.965381] ? sb_set_blocksize+0x6d/0xae [ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.966179] mount_bdev+0x12f/0x1bf [ 419.966512] ? __pfx_mount_bdev+0x10/0x10 [ 419.966886] ? vfs_parse_fs_string+0xce/0x111 [ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 [ 419.968073] legacy_get_tree+0x104/0x178 [ 419.968414] vfs_get_tree+0x86/0x296 [ 419.968751] path_mount+0xba3/0xd0b [ 419.969157] ? __pfx_path_mount+0x10/0x10 [ 419.969594] ? kmem_cache_free+0x1e2/0x260 [ 419.970311] do_mount+0x99/0xe0 [ 419.970630] ? __pfx_do_mount+0x10/0x10 [ 419.971008] __do_sys_mount+0x199/0x1c9 [ 419.971397] do_syscall_64+0xd0/0x135 [ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 419.972233] RIP: 0033:0x7c3cb812972e [ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48 [ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e [ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: ---truncated--- CVE-2024-56548 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56548.html CVE-2024-56548 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1235073 SUSE Bug 1235073 https://bugzilla.suse.com/1235074 SUSE Bug 1235074 In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_cookie if (!file) return -ENOBUFS cachefiles_clean_up_object cachefiles_unmark_inode_in_use fput(object->file) object->file = NULL // file NULL pointer dereference! __cachefiles_write(..., file, ...) Fix this issue by add an additional reference count to the object->file before write/llseek, and decrement after it finished. CVE-2024-56549 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56549.html CVE-2024-56549 https://bugzilla.suse.com/1234912 SUSE Bug 1234912 In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors in overlayfs when passed to the lowerstack. CVE-2024-56570 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56570.html CVE-2024-56570 https://bugzilla.suse.com/1235035 SUSE Bug 1235035 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-56571 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56571.html CVE-2024-56571 https://bugzilla.suse.com/1235037 SUSE Bug 1235037 In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach() requires the caller to ensure proper synchronization of this function with power management callbacks. otherwise the detach may led to kernel panic, like below: [ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 [ 1457.116777] Mem abort info: [ 1457.119589] ESR = 0x0000000096000004 [ 1457.123358] EC = 0x25: DABT (current EL), IL = 32 bits [ 1457.128692] SET = 0, FnV = 0 [ 1457.131764] EA = 0, S1PTW = 0 [ 1457.134920] FSC = 0x04: level 0 translation fault [ 1457.139812] Data abort info: [ 1457.142707] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1457.148196] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1457.153256] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000 [ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000 [ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec] [ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66 [ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT) [ 1457.199236] Workqueue: pm pm_runtime_work [ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1457.210188] pc : genpd_runtime_suspend+0x20/0x290 [ 1457.214886] lr : __rpm_callback+0x48/0x1d8 [ 1457.218968] sp : ffff80008250bc50 [ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000 [ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240 [ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008 [ 1457.243642] x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff [ 1457.250766] x17: 5300326563697665 x16: 645f676e696c6f6f x15: 63343a6d726f6674 [ 1457.257890] x14: 0000000000000004 x13: 00000000000003a4 x12: 0000000000000002 [ 1457.265014] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff80008250bbb0 [ 1457.272138] x8 : ffff000092937200 x7 : ffff0003fdf6af80 x6 : 0000000000000000 [ 1457.279262] x5 : 00000000410fd050 x4 : 0000000000200000 x3 : 0000000000000000 [ 1457.286386] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00008590f000 [ 1457.293510] Call trace: [ 1457.295946] genpd_runtime_suspend+0x20/0x290 [ 1457.300296] __rpm_callback+0x48/0x1d8 [ 1457.304038] rpm_callback+0x6c/0x78 [ 1457.307515] rpm_suspend+0x10c/0x570 [ 1457.311077] pm_runtime_work+0xc4/0xc8 [ 1457.314813] process_one_work+0x138/0x248 [ 1457.318816] worker_thread+0x320/0x438 [ 1457.322552] kthread+0x110/0x114 [ 1457.325767] ret_from_fork+0x10/0x20 CVE-2024-56575 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56575.html CVE-2024-56575 https://bugzilla.suse.com/1235039 SUSE Bug 1235039 In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case. CVE-2024-56598 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56598.html CVE-2024-56598 https://bugzilla.suse.com/1235220 SUSE Bug 1235220 https://bugzilla.suse.com/1235221 SUSE Bug 1235221 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free. Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc(). CVE-2024-56604 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56604.html CVE-2024-56604 https://bugzilla.suse.com/1235056 SUSE Bug 1235056 https://bugzilla.suse.com/1235058 SUSE Bug 1235058 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code. CVE-2024-56605 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56605.html CVE-2024-56605 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1235061 SUSE Bug 1235061 https://bugzilla.suse.com/1235062 SUSE Bug 1235062 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned. This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size. Fix this issue by changing the type of the local variable causing the bit loss from "unsigned int" to "u64". The return value of nilfs_last_byte() is also of type "unsigned int", but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required. CVE-2024-56619 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56619.html CVE-2024-56619 https://bugzilla.suse.com/1235224 SUSE Bug 1235224 https://bugzilla.suse.com/1235225 SUSE Bug 1235225 In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading to an indefinite wait. The triggering process is as follows: [cookie1] [cookie2] [volume_work] fscache_perform_lookup fscache_create_volume fscache_perform_lookup fscache_create_volume fscache_create_volume_work cachefiles_acquire_volume clear_and_wake_up_bit test_and_set_bit test_and_set_bit goto maybe_wait goto no_wait In the above process, cookie1 and cookie2 has the same volume. When cookie1 enters the -no_wait- process, it will clear the bit and wake up the waiting process. If a barrier is missing, it may cause cookie2 to remain in the -wait- process indefinitely. In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()"), barriers were added to similar operations in fscache_create_volume_work(), but fscache_create_volume() was missed. By combining the clear and wake operations into clear_and_wake_up_bit() to fix this issue. CVE-2024-56755 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-56755.html CVE-2024-56755 https://bugzilla.suse.com/1234920 SUSE Bug 1234920 BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177. CVE-2024-8805 Container suse/sle-micro/rt-5.5:latest:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.82.1 SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.82.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250229-1/ https://www.suse.com/security/cve/CVE-2024-8805.html CVE-2024-8805 https://bugzilla.suse.com/1230697 SUSE Bug 1230697