Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02469-1 Final 1 1 2025-07-22T19:03:55Z current 2025-07-22T19:03:55Z 2025-07-22T19:03:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4) This update for the Linux Kernel 5.14.21-150400_24_161 fixes one issue. The following security issue was fixed: - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1243648). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2469,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2469 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502469-1/ Link for SUSE-SU-2025:02469-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040866.html E-Mail link for SUSE-SU-2025:02469-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243648 SUSE Bug 1243648 https://www.suse.com/security/cve/CVE-2024-56558/ SUSE CVE CVE-2024-56558 page SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-5_14_21-150400_24_161-default-2-150400.2.1 kernel-livepatch-5_14_21-150400_24_161-default-2-150400.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 819 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 ... Call Trace: <TASK> e_show+0x20b/0x230 [nfsd] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2024-56558 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_161-default-2-150400.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502469-1/ https://www.suse.com/security/cve/CVE-2024-56558.html CVE-2024-56558 https://bugzilla.suse.com/1235100 SUSE Bug 1235100 https://bugzilla.suse.com/1243648 SUSE Bug 1243648