Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1225-1 Final 1 1 2025-04-14T06:33:55Z current 2025-04-14T06:33:55Z 2025-04-14T06:33:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues. The following security issues were fixed: - CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1232818). - CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788). - CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238790). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235218). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1225,SUSE-SLE-Module-Live-Patching-15-SP3-2025-1225 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251225-1/ Link for SUSE-SU-2025:1225-1 https://lists.suse.com/pipermail/sle-updates/2025-April/038967.html E-Mail link for SUSE-SU-2025:1225-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1232818 SUSE Bug 1232818 https://bugzilla.suse.com/1235218 SUSE Bug 1235218 https://bugzilla.suse.com/1238788 SUSE Bug 1238788 https://bugzilla.suse.com/1238790 SUSE Bug 1238790 https://www.suse.com/security/cve/CVE-2022-49014/ SUSE CVE CVE-2022-49014 page https://www.suse.com/security/cve/CVE-2022-49563/ SUSE CVE CVE-2022-49563 page https://www.suse.com/security/cve/CVE-2022-49564/ SUSE CVE CVE-2022-49564 page https://www.suse.com/security/cve/CVE-2024-56600/ SUSE CVE CVE-2024-56600 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_179-default-7-150300.2.1 kernel-livepatch-5_3_18-150300_59_179-preempt-7-150300.2.1 kernel-livepatch-5_3_18-150300_59_179-default-7-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach() syzbot reported use-after-free in tun_detach() [1]. This causes call trace like below: ================================================================== BUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75 Read of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673 CPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x15e/0x461 mm/kasan/report.c:395 kasan_report+0xbf/0x1f0 mm/kasan/report.c:495 notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75 call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline] call_netdevice_notifiers net/core/dev.c:1997 [inline] netdev_wait_allrefs_any net/core/dev.c:10237 [inline] netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351 tun_detach drivers/net/tun.c:704 [inline] tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0x16f/0x270 kernel/task_work.c:179 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xb3d/0x2a30 kernel/exit.c:820 do_group_exit+0xd4/0x2a0 kernel/exit.c:950 get_signal+0x21b1/0x2440 kernel/signal.c:2858 arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869 exit_to_user_mode_loop kernel/entry/common.c:168 [inline] exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd The cause of the issue is that sock_put() from __tun_detach() drops last reference count for struct net, and then notifier_call_chain() from netdev_state_change() accesses that struct net. This patch fixes the issue by calling sock_put() from tun_detach() after all necessary accesses for the struct net has done. CVE-2022-49014 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-7-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251225-1/ https://www.suse.com/security/cve/CVE-2022-49014.html CVE-2022-49014 https://bugzilla.suse.com/1231890 SUSE Bug 1231890 https://bugzilla.suse.com/1232818 SUSE Bug 1232818 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49563 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-7-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251225-1/ https://www.suse.com/security/cve/CVE-2022-49563.html CVE-2022-49563 https://bugzilla.suse.com/1238787 SUSE Bug 1238787 https://bugzilla.suse.com/1238788 SUSE Bug 1238788 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49564 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-7-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251225-1/ https://www.suse.com/security/cve/CVE-2022-49564.html CVE-2022-49564 https://bugzilla.suse.com/1238789 SUSE Bug 1238789 https://bugzilla.suse.com/1238790 SUSE Bug 1238790 In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error. CVE-2024-56600 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-7-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251225-1/ https://www.suse.com/security/cve/CVE-2024-56600.html CVE-2024-56600 https://bugzilla.suse.com/1235217 SUSE Bug 1235217 https://bugzilla.suse.com/1235218 SUSE Bug 1235218