Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0662-1 Final 1 1 2025-02-24T11:04:13Z current 2025-02-24T11:04:13Z 2025-02-24T11:04:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6) This update for the Linux Kernel 6.4.0-150600_10_11 fixes one issue. The following security issue was fixed: - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-662,SUSE-2025-664,SUSE-2025-666,SUSE-2025-671,SUSE-2025-672,SUSE-2025-673,SUSE-2025-685,SUSE-2025-686,SUSE-SLE-Live-Patching-12-SP5-2025-662,SUSE-SLE-Module-Live-Patching-15-SP4-2025-686,SUSE-SLE-Module-Live-Patching-15-SP5-2025-664,SUSE-SLE-Module-Live-Patching-15-SP6-2025-684 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250662-1/ Link for SUSE-SU-2025:0662-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020419.html E-Mail link for SUSE-SU-2025:0662-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236783 SUSE Bug 1236783 https://www.suse.com/security/cve/CVE-2024-53104/ SUSE CVE CVE-2024-53104 page SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Live Patching 15 SP4 SUSE Linux Enterprise Live Patching 15 SP5 SUSE Linux Enterprise Live Patching 15 SP6 kgraft-patch-4_12_14-122_234-default-4-2.1 kernel-livepatch-5_14_21-150500_55_80-default-4-150500.2.1 kernel-livepatch-6_4_0-150600_23_17-default-9-150600.2.1 kernel-livepatch-5_14_21-150400_24_141-default-3-150400.2.1 kernel-livepatch-5_14_21-150500_55_83-default-4-150500.2.1 kernel-livepatch-6_4_0-150600_23_22-default-5-150600.2.1 kernel-livepatch-5_14_21-150400_24_128-default-5-150400.2.1 kernel-livepatch-5_14_21-150400_24_136-default-4-150400.2.1 kernel-livepatch-6_4_0-150600_10_11-rt-5-150600.2.1 kgraft-patch-4_12_14-122_234-default-4-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-livepatch-5_14_21-150400_24_136-default-4-150400.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-5_14_21-150500_55_80-default-4-150500.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP5 kernel-livepatch-6_4_0-150600_10_11-rt-5-150600.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP6 In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. CVE-2024-53104 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-4-2.1 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_136-default-4-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-4-150500.2.1 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-5-150600.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250662-1/ https://www.suse.com/security/cve/CVE-2024-53104.html CVE-2024-53104 https://bugzilla.suse.com/1234025 SUSE Bug 1234025 https://bugzilla.suse.com/1236783 SUSE Bug 1236783