Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1139-1 Final 1 1 2025-04-03T16:33:52Z current 2025-04-03T16:33:52Z 2025-04-03T16:33:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues. The following security issues were fixed: - CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1233023). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228578). - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1139,SUSE-SLE-Module-Live-Patching-15-SP3-2025-1139 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251139-1/ Link for SUSE-SU-2025:1139-1 https://lists.suse.com/pipermail/sle-updates/2025-April/038910.html E-Mail link for SUSE-SU-2025:1139-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1228012 SUSE Bug 1228012 https://bugzilla.suse.com/1228578 SUSE Bug 1228578 https://bugzilla.suse.com/1233023 SUSE Bug 1233023 https://www.suse.com/security/cve/CVE-2022-48791/ SUSE CVE CVE-2022-48791 page https://www.suse.com/security/cve/CVE-2022-49025/ SUSE CVE CVE-2022-49025 page https://www.suse.com/security/cve/CVE-2024-41062/ SUSE CVE CVE-2024-41062 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_161-default-14-150300.2.1 kernel-livepatch-5_3_18-150300_59_161-preempt-14-150300.2.1 kernel-livepatch-5_3_18-150300_59_161-default-14-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to timeout. When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the sas_task is freed in pm8001_exec_internal_tmf_task(). However, if the I/O completion occurs later, the I/O completion still thinks that the sas_task is available. Fix this by clearing the ccb->task if the TMF times out - the I/O completion handler does nothing if this pointer is cleared. CVE-2022-48791 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-14-150300.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251139-1/ https://www.suse.com/security/cve/CVE-2022-48791.html CVE-2022-48791 https://bugzilla.suse.com/1228002 SUSE Bug 1228002 https://bugzilla.suse.com/1228012 SUSE Bug 1228012 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null. CVE-2022-49025 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-14-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251139-1/ https://www.suse.com/security/cve/CVE-2022-49025.html CVE-2022-49025 https://bugzilla.suse.com/1231960 SUSE Bug 1231960 https://bugzilla.suse.com/1233023 SUSE Bug 1233023 In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ---- sock_close hci_rx_work l2cap_sock_release hci_acldata_packet l2cap_sock_kill l2cap_recv_frame sk_free l2cap_conless_channel l2cap_sock_recv_cb If hci_rx_work processes the data that needs to be received before the sock is closed, then everything is normal; Otherwise, the work thread may access the released sock when receiving data. Add a chan mutex in the rx callback of the sock to achieve synchronization between the sock release and recv cb. Sock is dead, so set chan data to NULL, avoid others use invalid sock pointer. CVE-2024-41062 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_161-default-14-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251139-1/ https://www.suse.com/security/cve/CVE-2024-41062.html CVE-2024-41062 https://bugzilla.suse.com/1228576 SUSE Bug 1228576 https://bugzilla.suse.com/1228578 SUSE Bug 1228578