Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20073-1 Final 1 1 2025-02-03T09:04:16Z current 2025-02-03T09:04:16Z 2025-02-03T09:04:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001). - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380). - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240). - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430). - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435). - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518). - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526). - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520). - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521). - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704). - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727). - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). The following non-security bugs were fixed: - ABI: testing: fix admv8818 attr description (git-fixes). - ACPI: CPPC: Add helper to get the highest performance value (stable-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes). - ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes). - ALSA: control: Apply sanity check of input values for user elements (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes). - ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes). - ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes). - ALSA: hda: cs35l41: fix module autoloading (git-fixes). - ARM: 9406/1: Fix callchain_trace() return value (git-fixes). - ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes). - ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes). - ASoC: cs42l42: Convert comma to semicolon (git-fixes). - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: intel: fix module autoloading (stable-fixes). - ASoC: meson: Remove unused declartion in header file (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: soc-ac97: Fix the incorrect description (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tas2781-i2c: Get the right GPIO line (git-fixes). - ASoC: tda7419: fix module autoloading (stable-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes). - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962). - Documentation: ioctl: document 0x07 ioctl code (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - Drop mm patches that caused regressions (bsc#1230413) - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - HID: multitouch: Add support for GT7868Q (stable-fixes). - HID: wacom: Do not warn about dropped packets for first packet (git-fixes). - HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - Input: adp5588-keys - fix check on return code (git-fixes). - Input: ads7846 - ratelimit the spi_sync error message (stable-fixes). - Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes). - Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes). - Input: tsc2004/5 - fix reset handling on probe (git-fixes). - Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes). - KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes). - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes). - KVM: arm64: Block unsafe FF-A calls from the host (git-fixes). - KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes). - KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes). - KVM: arm64: Do not re-initialize the KVM lock (git-fixes). - KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes). - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes). - KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes). - KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes). - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes). - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes). - Move fixes into sorted section (bsc#1230119) - Move s390 kabi patch into the kabi section - Move upstreamed SCSI patches into sorted section - Move upstreamed input patch into sorted section - Move upstreamed kaslr patch into sorted section - Move upstreamed nvme patches into sorted section - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes). - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes). - PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/erdma: Return QP state in erdma_query_qp (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes) - RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes) - RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes) - RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes) - RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes) - RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes) - RDMA/mlx5: Obtain upper net device only when needed (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Squashfs: sanity check symbolic link size (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (stable-fixes). - USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - afs: Do not cross .backup mountpoint from backup volume (git-fixes). - afs: Revert "afs: Hide silly-rename files from userspace" (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes). - arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes). - arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). - arm64: signal: Fix some under-bracketed UAPI macros (git-fixes). - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes). - ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - bpf, events: Use prog to emit ksymbol event for main program (git-fixes). - bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes). - btrfs: fix race between direct IO write and fsync when using same fd (git-fixes). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes). - can: m_can: Release irq on error in m_can_open (git-fixes). - can: m_can: enable NAPI before enabling interrupts (git-fixes). - can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - can: mcp251xfd: clarify the meaning of timestamp (stable-fixes). - can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes). - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes). - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes). - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes). - can: mcp251xfd: properly indent labels (stable-fixes). - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes). - clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes). - clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes). - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes). - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes). - clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes). - cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes). - cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes). - cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes). - crypto: iaa - Fix potential use after free bug (git-fixes). - crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes). - crypto: xor - fix template benchmarking (git-fixes). - cxl/core: Fix incorrect vendor debug UUID define (git-fixes). - cxl/pci: Fix to record only non-zero ranges (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes). - dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes). - dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes). - dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes). - driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes). - driver core: Fix error handling in driver API device_rename() (git-fixes). - driver: iio: add missing checks on iio_info's callback access (stable-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes). - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes). - drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes). - drm/amd/display: Check BIOS images before it is used (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check index for aux_rd_interval before using (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Defer handling mst up request in resume (stable-fixes). - drm/amd/display: Disable error correction if it's not supported (stable-fixes). - drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes). - drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes). - drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes). - drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes). - drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes). - drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes). - drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes). - drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes). - drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes). - drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes). - drm/amd/display: use preferred link settings for dp signal only (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: check specific index for smu13 (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/amd: Add gfx12 swizzle mode defs (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes). - drm/amdgpu: Fix get each xcp macro (git-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: Fix the uninitialized variable warning (stable-fixes). - drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes). - drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes). - drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes). - drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes). - drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes). - drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes). - drm/amdgpu: properly handle vbios fake edid sizing (git-fixes). - drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes). - drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes). - drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes). - drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/i915: Do not attempt to load the GSC multiple times (git-fixes). - drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes). - drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes). - drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes). - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm/nouveau/fb: restore init() for ramgp102 (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/radeon: properly handle vbios fake edid sizing (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes). - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes). - drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes). - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes). - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes). - erofs: fix incorrect symlink detection in fast symlink (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes). - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602). - fuse: fix memory leak in fuse_create_open (bsc#1230124). - fuse: update stats for pages in dropped aux writeback list (bsc#1230125). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123). - gpio: modepin: Enable module autoloading (git-fixes). - gpio: rockchip: fix OF node leak in probe() (git-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes). - hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: adc: ad7606: remove frstdata check for serial mode (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kABI workaround for cros_ec stuff (git-fixes). - kABI: Split kABI out of 'io_uring/kbuf: get rid of bl->is_ready' - kABI: Split kABI out of 'io_uring: Re-add dummy_ubuf for kABI purposes' - kABI: Split kABI out of io_uring/kbuf: protect io_buffer_list teardown with a reference - kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - leds: spi-byte: Call of_node_put() on error path (stable-fixes). - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes). - media: ov5675: Fix power on/off delay timings (git-fixes). - media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes). - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes). - memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes). - minmax: reduce min/max macro expansion in atomisp driver (git-fixes). - misc: fastrpc: Fix double free of 'buf' in error path (git-fixes). - mmc: core: apply SD quirks earlier during probe (git-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - module: Fix KCOV-ignored file name (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: phy: Fix missing of_node_put() for leds (git-fixes). - net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nouveau: fix the fwsec sb verification register (git-fixes). - nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244). - nvme-multipath: system fails to create generic nvme device (bsc#1228244). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: allocate tagset on reset if necessary (git-fixes). - nvme-tcp: fix link failure for TCP auth (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme: clear caller pointer on identify failure (git-fixes). - nvme: fix namespace removal list (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - perf annotate: Introduce global annotation_options (git-fixes). - perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes). - perf annotate: Use global annotation_options (git-fixes). - perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes). - perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes). - perf intel-pt: Fix exclude_guest setting (git-fixes). - perf machine thread: Remove exited threads by default (git-fixes). - perf maps: Move symbol maps functions to maps.c (git-fixes). - perf pmu: Assume sysfs events are always the same case (git-fixes). - perf pmus: Fixes always false when compare duplicates aliases (git-fixes). - perf record: Lazy load kernel symbols (git-fixes). - perf report: Convert to the global annotation_options (git-fixes). - perf report: Fix condition in sort__sym_cmp() (git-fixes). - perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes). - perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes). - perf tool: fix dereferencing NULL al->maps (git-fixes). - perf tools: Add/use PMU reverse lookup from config to name (git-fixes). - perf tools: Use pmus to describe type from attribute (git-fixes). - perf top: Convert to the global annotation_options (git-fixes). - perf/core: Fix missing wakeup when waiting for context reference (git-fixes). - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes). - perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes). - perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes). - perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes). - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes). - perf/x86/intel/pt: Fix topa_entry base length (git-fixes). - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes). - perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119). - perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes). - perf/x86/intel: Factor out the initialization code for SPR (git fixes). - perf/x86/intel: Limit the period on Haswell (git-fixes). - perf/x86/intel: Use the common uarch name for the shared functions (git fixes). - perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119). - perf/x86/uncore: Cleanup unused unit structure (bsc#1230119). - perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119). - perf/x86/uncore: Save the unit control address of all units (bsc#1230119). - perf/x86/uncore: Support per PMU cpumask (bsc#1230119). - perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes). - perf/x86: Serialize set_attr_rdpmc() (git-fixes). - perf: Fix default aux_watermark calculation (git-fixes). - perf: Fix event leak upon exit (git-fixes). - perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes). - perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes). - perf: script: add raw|disasm arguments to --insn-trace option (git-fixes). - phy: zynqmp: Take the phy mutex in xlate (stable-fixes). - pinctrl: at91: make it work with current gpiolib (stable-fixes). - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes). - platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes). - powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656). - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes). - regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes). - regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes). - regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes). - regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes). - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes). - regulator: rt5120: Convert comma to semicolon (git-fixes). - regulator: wm831x-isink: Convert comma to semicolon (git-fixes). - remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes). - remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes). - remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes). - reset: berlin: fix OF node leak in probe() error path (git-fixes). - reset: k210: fix OF node leak in probe() error path (git-fixes). - resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes). - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694). - s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes). - s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562). - s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563). - s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564). - scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes). - scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - selftests: lib: remove strscpy test (git-fixes). - selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes). - soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes). - soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes). - spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes). - spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: meson-spicc: convert comma to semicolon (git-fixes). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes). - spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035) - thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes). - thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes). - thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes). - thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc3: Avoid waking up gadget during startxfer (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: ipheth: add CDC NCM support (git-fixes). - usbnet: ipheth: do not stop RX on failing RX callback (git-fixes). - usbnet: ipheth: drop RX URBs with no payload (git-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes). - usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (stable-fixes). - usbnet: ipheth: remove extraneous rx URB length check (git-fixes). - usbnet: ipheth: transmit URBs without trailing padding (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - virtio_net: Fix napi_skb_cache_put warning (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: fix BSS chan info request WMI command (git-fixes). - wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes). - wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes). - wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: brcmfmac: introducing fwil query functions (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: make hash table duplicates more survivable (stable-fixes). - wifi: cfg80211: restrict operation during radar detection (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). - wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes). - wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes). - wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes). - wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes). - wifi: mac80211: fix the comeback long retry times (git-fixes). - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes). - wifi: mt76: mt7603: fix mixed declarations and code (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes). - wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes). - wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes). - wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes). - wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes). - wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes). - wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes). - wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes). - wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes). - wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes). - wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes). - wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527). - x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527). - x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527). - x86/pat: Restructure _lookup_address_cpa() (bsc#1221527). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-81 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ Link for SUSE-SU-2025:20073-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021282.html E-Mail link for SUSE-SU-2025:20073-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1012628 SUSE Bug 1012628 https://bugzilla.suse.com/1183045 SUSE Bug 1183045 https://bugzilla.suse.com/1215199 SUSE Bug 1215199 https://bugzilla.suse.com/1216223 SUSE Bug 1216223 https://bugzilla.suse.com/1216776 SUSE Bug 1216776 https://bugzilla.suse.com/1220382 SUSE Bug 1220382 https://bugzilla.suse.com/1221527 SUSE Bug 1221527 https://bugzilla.suse.com/1221610 SUSE Bug 1221610 https://bugzilla.suse.com/1221650 SUSE Bug 1221650 https://bugzilla.suse.com/1222629 SUSE Bug 1222629 https://bugzilla.suse.com/1223600 SUSE Bug 1223600 https://bugzilla.suse.com/1223848 SUSE Bug 1223848 https://bugzilla.suse.com/1225487 SUSE Bug 1225487 https://bugzilla.suse.com/1225812 SUSE Bug 1225812 https://bugzilla.suse.com/1225903 SUSE Bug 1225903 https://bugzilla.suse.com/1226003 SUSE Bug 1226003 https://bugzilla.suse.com/1226507 SUSE Bug 1226507 https://bugzilla.suse.com/1226606 SUSE Bug 1226606 https://bugzilla.suse.com/1226666 SUSE Bug 1226666 https://bugzilla.suse.com/1226846 SUSE Bug 1226846 https://bugzilla.suse.com/1226860 SUSE Bug 1226860 https://bugzilla.suse.com/1227487 SUSE Bug 1227487 https://bugzilla.suse.com/1227694 SUSE Bug 1227694 https://bugzilla.suse.com/1227726 SUSE Bug 1227726 https://bugzilla.suse.com/1227819 SUSE Bug 1227819 https://bugzilla.suse.com/1227885 SUSE Bug 1227885 https://bugzilla.suse.com/1227890 SUSE Bug 1227890 https://bugzilla.suse.com/1227962 SUSE Bug 1227962 https://bugzilla.suse.com/1228090 SUSE Bug 1228090 https://bugzilla.suse.com/1228140 SUSE Bug 1228140 https://bugzilla.suse.com/1228244 SUSE Bug 1228244 https://bugzilla.suse.com/1228507 SUSE Bug 1228507 https://bugzilla.suse.com/1228771 SUSE Bug 1228771 https://bugzilla.suse.com/1229001 SUSE Bug 1229001 https://bugzilla.suse.com/1229004 SUSE Bug 1229004 https://bugzilla.suse.com/1229019 SUSE Bug 1229019 https://bugzilla.suse.com/1229086 SUSE Bug 1229086 https://bugzilla.suse.com/1229167 SUSE Bug 1229167 https://bugzilla.suse.com/1229169 SUSE Bug 1229169 https://bugzilla.suse.com/1229289 SUSE Bug 1229289 https://bugzilla.suse.com/1229334 SUSE Bug 1229334 https://bugzilla.suse.com/1229362 SUSE Bug 1229362 https://bugzilla.suse.com/1229363 SUSE Bug 1229363 https://bugzilla.suse.com/1229364 SUSE Bug 1229364 https://bugzilla.suse.com/1229371 SUSE Bug 1229371 https://bugzilla.suse.com/1229380 SUSE Bug 1229380 https://bugzilla.suse.com/1229389 SUSE Bug 1229389 https://bugzilla.suse.com/1229394 SUSE Bug 1229394 https://bugzilla.suse.com/1229429 SUSE Bug 1229429 https://bugzilla.suse.com/1229443 SUSE Bug 1229443 https://bugzilla.suse.com/1229452 SUSE Bug 1229452 https://bugzilla.suse.com/1229455 SUSE Bug 1229455 https://bugzilla.suse.com/1229456 SUSE Bug 1229456 https://bugzilla.suse.com/1229494 SUSE Bug 1229494 https://bugzilla.suse.com/1229585 SUSE Bug 1229585 https://bugzilla.suse.com/1229753 SUSE Bug 1229753 https://bugzilla.suse.com/1229764 SUSE Bug 1229764 https://bugzilla.suse.com/1229768 SUSE Bug 1229768 https://bugzilla.suse.com/1229790 SUSE Bug 1229790 https://bugzilla.suse.com/1229810 SUSE Bug 1229810 https://bugzilla.suse.com/1229899 SUSE Bug 1229899 https://bugzilla.suse.com/1229928 SUSE Bug 1229928 https://bugzilla.suse.com/1230015 SUSE Bug 1230015 https://bugzilla.suse.com/1230119 SUSE Bug 1230119 https://bugzilla.suse.com/1230123 SUSE Bug 1230123 https://bugzilla.suse.com/1230124 SUSE Bug 1230124 https://bugzilla.suse.com/1230125 SUSE Bug 1230125 https://bugzilla.suse.com/1230169 SUSE Bug 1230169 https://bugzilla.suse.com/1230170 SUSE Bug 1230170 https://bugzilla.suse.com/1230171 SUSE Bug 1230171 https://bugzilla.suse.com/1230173 SUSE Bug 1230173 https://bugzilla.suse.com/1230174 SUSE Bug 1230174 https://bugzilla.suse.com/1230175 SUSE Bug 1230175 https://bugzilla.suse.com/1230176 SUSE Bug 1230176 https://bugzilla.suse.com/1230178 SUSE Bug 1230178 https://bugzilla.suse.com/1230180 SUSE Bug 1230180 https://bugzilla.suse.com/1230181 SUSE Bug 1230181 https://bugzilla.suse.com/1230185 SUSE Bug 1230185 https://bugzilla.suse.com/1230191 SUSE Bug 1230191 https://bugzilla.suse.com/1230192 SUSE Bug 1230192 https://bugzilla.suse.com/1230193 SUSE Bug 1230193 https://bugzilla.suse.com/1230194 SUSE Bug 1230194 https://bugzilla.suse.com/1230195 SUSE Bug 1230195 https://bugzilla.suse.com/1230200 SUSE Bug 1230200 https://bugzilla.suse.com/1230204 SUSE Bug 1230204 https://bugzilla.suse.com/1230206 SUSE Bug 1230206 https://bugzilla.suse.com/1230207 SUSE Bug 1230207 https://bugzilla.suse.com/1230209 SUSE Bug 1230209 https://bugzilla.suse.com/1230211 SUSE Bug 1230211 https://bugzilla.suse.com/1230213 SUSE Bug 1230213 https://bugzilla.suse.com/1230217 SUSE Bug 1230217 https://bugzilla.suse.com/1230221 SUSE Bug 1230221 https://bugzilla.suse.com/1230224 SUSE Bug 1230224 https://bugzilla.suse.com/1230230 SUSE Bug 1230230 https://bugzilla.suse.com/1230232 SUSE Bug 1230232 https://bugzilla.suse.com/1230233 SUSE Bug 1230233 https://bugzilla.suse.com/1230240 SUSE Bug 1230240 https://bugzilla.suse.com/1230244 SUSE Bug 1230244 https://bugzilla.suse.com/1230245 SUSE Bug 1230245 https://bugzilla.suse.com/1230247 SUSE Bug 1230247 https://bugzilla.suse.com/1230248 SUSE Bug 1230248 https://bugzilla.suse.com/1230269 SUSE Bug 1230269 https://bugzilla.suse.com/1230270 SUSE Bug 1230270 https://bugzilla.suse.com/1230295 SUSE Bug 1230295 https://bugzilla.suse.com/1230340 SUSE Bug 1230340 https://bugzilla.suse.com/1230413 SUSE Bug 1230413 https://bugzilla.suse.com/1230426 SUSE Bug 1230426 https://bugzilla.suse.com/1230430 SUSE Bug 1230430 https://bugzilla.suse.com/1230431 SUSE Bug 1230431 https://bugzilla.suse.com/1230432 SUSE Bug 1230432 https://bugzilla.suse.com/1230433 SUSE Bug 1230433 https://bugzilla.suse.com/1230434 SUSE Bug 1230434 https://bugzilla.suse.com/1230435 SUSE Bug 1230435 https://bugzilla.suse.com/1230440 SUSE Bug 1230440 https://bugzilla.suse.com/1230441 SUSE Bug 1230441 https://bugzilla.suse.com/1230442 SUSE Bug 1230442 https://bugzilla.suse.com/1230444 SUSE Bug 1230444 https://bugzilla.suse.com/1230450 SUSE Bug 1230450 https://bugzilla.suse.com/1230451 SUSE Bug 1230451 https://bugzilla.suse.com/1230454 SUSE Bug 1230454 https://bugzilla.suse.com/1230455 SUSE Bug 1230455 https://bugzilla.suse.com/1230457 SUSE Bug 1230457 https://bugzilla.suse.com/1230459 SUSE Bug 1230459 https://bugzilla.suse.com/1230506 SUSE Bug 1230506 https://bugzilla.suse.com/1230507 SUSE Bug 1230507 https://bugzilla.suse.com/1230511 SUSE Bug 1230511 https://bugzilla.suse.com/1230515 SUSE Bug 1230515 https://bugzilla.suse.com/1230517 SUSE Bug 1230517 https://bugzilla.suse.com/1230518 SUSE Bug 1230518 https://bugzilla.suse.com/1230519 SUSE Bug 1230519 https://bugzilla.suse.com/1230520 SUSE Bug 1230520 https://bugzilla.suse.com/1230521 SUSE Bug 1230521 https://bugzilla.suse.com/1230524 SUSE Bug 1230524 https://bugzilla.suse.com/1230526 SUSE Bug 1230526 https://bugzilla.suse.com/1230533 SUSE Bug 1230533 https://bugzilla.suse.com/1230535 SUSE Bug 1230535 https://bugzilla.suse.com/1230539 SUSE Bug 1230539 https://bugzilla.suse.com/1230540 SUSE Bug 1230540 https://bugzilla.suse.com/1230549 SUSE Bug 1230549 https://bugzilla.suse.com/1230556 SUSE Bug 1230556 https://bugzilla.suse.com/1230562 SUSE Bug 1230562 https://bugzilla.suse.com/1230563 SUSE Bug 1230563 https://bugzilla.suse.com/1230564 SUSE Bug 1230564 https://bugzilla.suse.com/1230580 SUSE Bug 1230580 https://bugzilla.suse.com/1230582 SUSE Bug 1230582 https://bugzilla.suse.com/1230589 SUSE Bug 1230589 https://bugzilla.suse.com/1230602 SUSE Bug 1230602 https://bugzilla.suse.com/1230699 SUSE Bug 1230699 https://bugzilla.suse.com/1230700 SUSE Bug 1230700 https://bugzilla.suse.com/1230701 SUSE Bug 1230701 https://bugzilla.suse.com/1230702 SUSE Bug 1230702 https://bugzilla.suse.com/1230703 SUSE Bug 1230703 https://bugzilla.suse.com/1230704 SUSE Bug 1230704 https://bugzilla.suse.com/1230705 SUSE Bug 1230705 https://bugzilla.suse.com/1230706 SUSE Bug 1230706 https://bugzilla.suse.com/1230709 SUSE Bug 1230709 https://bugzilla.suse.com/1230711 SUSE Bug 1230711 https://bugzilla.suse.com/1230712 SUSE Bug 1230712 https://bugzilla.suse.com/1230715 SUSE Bug 1230715 https://bugzilla.suse.com/1230719 SUSE Bug 1230719 https://bugzilla.suse.com/1230722 SUSE Bug 1230722 https://bugzilla.suse.com/1230724 SUSE Bug 1230724 https://bugzilla.suse.com/1230725 SUSE Bug 1230725 https://bugzilla.suse.com/1230726 SUSE Bug 1230726 https://bugzilla.suse.com/1230727 SUSE Bug 1230727 https://bugzilla.suse.com/1230730 SUSE Bug 1230730 https://bugzilla.suse.com/1230731 SUSE Bug 1230731 https://bugzilla.suse.com/1230732 SUSE Bug 1230732 https://bugzilla.suse.com/1230747 SUSE Bug 1230747 https://bugzilla.suse.com/1230748 SUSE Bug 1230748 https://bugzilla.suse.com/1230749 SUSE Bug 1230749 https://bugzilla.suse.com/1230751 SUSE Bug 1230751 https://bugzilla.suse.com/1230752 SUSE Bug 1230752 https://bugzilla.suse.com/1230753 SUSE Bug 1230753 https://bugzilla.suse.com/1230756 SUSE Bug 1230756 https://bugzilla.suse.com/1230761 SUSE Bug 1230761 https://bugzilla.suse.com/1230766 SUSE Bug 1230766 https://bugzilla.suse.com/1230767 SUSE Bug 1230767 https://bugzilla.suse.com/1230768 SUSE Bug 1230768 https://bugzilla.suse.com/1230771 SUSE Bug 1230771 https://bugzilla.suse.com/1230772 SUSE Bug 1230772 https://bugzilla.suse.com/1230775 SUSE Bug 1230775 https://bugzilla.suse.com/1230776 SUSE Bug 1230776 https://bugzilla.suse.com/1230780 SUSE Bug 1230780 https://bugzilla.suse.com/1230783 SUSE Bug 1230783 https://bugzilla.suse.com/1230786 SUSE Bug 1230786 https://bugzilla.suse.com/1230787 SUSE Bug 1230787 https://bugzilla.suse.com/1230791 SUSE Bug 1230791 https://bugzilla.suse.com/1230794 SUSE Bug 1230794 https://bugzilla.suse.com/1230796 SUSE Bug 1230796 https://bugzilla.suse.com/1230802 SUSE Bug 1230802 https://bugzilla.suse.com/1230806 SUSE Bug 1230806 https://bugzilla.suse.com/1230808 SUSE Bug 1230808 https://bugzilla.suse.com/1230809 SUSE Bug 1230809 https://bugzilla.suse.com/1230810 SUSE Bug 1230810 https://bugzilla.suse.com/1230812 SUSE Bug 1230812 https://bugzilla.suse.com/1230813 SUSE Bug 1230813 https://bugzilla.suse.com/1230814 SUSE Bug 1230814 https://bugzilla.suse.com/1230815 SUSE Bug 1230815 https://bugzilla.suse.com/1230821 SUSE Bug 1230821 https://bugzilla.suse.com/1230825 SUSE Bug 1230825 https://bugzilla.suse.com/1230830 SUSE Bug 1230830 https://bugzilla.suse.com/1230831 SUSE Bug 1230831 https://bugzilla.suse.com/1230854 SUSE Bug 1230854 https://bugzilla.suse.com/1230948 SUSE Bug 1230948 https://bugzilla.suse.com/1231008 SUSE Bug 1231008 https://bugzilla.suse.com/1231035 SUSE Bug 1231035 https://bugzilla.suse.com/1231120 SUSE Bug 1231120 https://bugzilla.suse.com/1231146 SUSE Bug 1231146 https://bugzilla.suse.com/1231182 SUSE Bug 1231182 https://bugzilla.suse.com/1231183 SUSE Bug 1231183 https://www.suse.com/security/cve/CVE-2023-52610/ SUSE CVE CVE-2023-52610 page https://www.suse.com/security/cve/CVE-2023-52752/ SUSE CVE CVE-2023-52752 page https://www.suse.com/security/cve/CVE-2023-52915/ SUSE CVE CVE-2023-52915 page https://www.suse.com/security/cve/CVE-2023-52916/ SUSE CVE CVE-2023-52916 page https://www.suse.com/security/cve/CVE-2024-26640/ SUSE CVE CVE-2024-26640 page https://www.suse.com/security/cve/CVE-2024-26759/ SUSE CVE CVE-2024-26759 page https://www.suse.com/security/cve/CVE-2024-26804/ SUSE CVE CVE-2024-26804 page https://www.suse.com/security/cve/CVE-2024-36953/ SUSE CVE CVE-2024-36953 page https://www.suse.com/security/cve/CVE-2024-38538/ SUSE CVE CVE-2024-38538 page https://www.suse.com/security/cve/CVE-2024-38596/ SUSE CVE CVE-2024-38596 page https://www.suse.com/security/cve/CVE-2024-38632/ SUSE CVE CVE-2024-38632 page https://www.suse.com/security/cve/CVE-2024-40965/ SUSE CVE CVE-2024-40965 page https://www.suse.com/security/cve/CVE-2024-40973/ SUSE CVE CVE-2024-40973 page https://www.suse.com/security/cve/CVE-2024-40983/ SUSE CVE CVE-2024-40983 page https://www.suse.com/security/cve/CVE-2024-42154/ SUSE CVE CVE-2024-42154 page https://www.suse.com/security/cve/CVE-2024-42243/ SUSE CVE CVE-2024-42243 page https://www.suse.com/security/cve/CVE-2024-42252/ SUSE CVE CVE-2024-42252 page https://www.suse.com/security/cve/CVE-2024-42265/ SUSE CVE CVE-2024-42265 page https://www.suse.com/security/cve/CVE-2024-42294/ SUSE CVE CVE-2024-42294 page https://www.suse.com/security/cve/CVE-2024-42304/ SUSE CVE CVE-2024-42304 page https://www.suse.com/security/cve/CVE-2024-42305/ SUSE CVE CVE-2024-42305 page https://www.suse.com/security/cve/CVE-2024-42306/ SUSE CVE CVE-2024-42306 page https://www.suse.com/security/cve/CVE-2024-43828/ SUSE CVE CVE-2024-43828 page https://www.suse.com/security/cve/CVE-2024-43832/ SUSE CVE CVE-2024-43832 page https://www.suse.com/security/cve/CVE-2024-43835/ SUSE CVE CVE-2024-43835 page https://www.suse.com/security/cve/CVE-2024-43845/ SUSE CVE CVE-2024-43845 page https://www.suse.com/security/cve/CVE-2024-43870/ SUSE CVE CVE-2024-43870 page https://www.suse.com/security/cve/CVE-2024-43890/ SUSE CVE CVE-2024-43890 page https://www.suse.com/security/cve/CVE-2024-43898/ SUSE CVE CVE-2024-43898 page https://www.suse.com/security/cve/CVE-2024-43904/ SUSE CVE CVE-2024-43904 page https://www.suse.com/security/cve/CVE-2024-43914/ SUSE CVE CVE-2024-43914 page https://www.suse.com/security/cve/CVE-2024-44935/ SUSE CVE CVE-2024-44935 page https://www.suse.com/security/cve/CVE-2024-44944/ SUSE CVE CVE-2024-44944 page https://www.suse.com/security/cve/CVE-2024-44946/ SUSE CVE CVE-2024-44946 page https://www.suse.com/security/cve/CVE-2024-44947/ SUSE CVE CVE-2024-44947 page https://www.suse.com/security/cve/CVE-2024-44948/ SUSE CVE CVE-2024-44948 page https://www.suse.com/security/cve/CVE-2024-44950/ SUSE CVE CVE-2024-44950 page https://www.suse.com/security/cve/CVE-2024-44951/ SUSE CVE CVE-2024-44951 page https://www.suse.com/security/cve/CVE-2024-44952/ SUSE CVE CVE-2024-44952 page https://www.suse.com/security/cve/CVE-2024-44954/ SUSE CVE CVE-2024-44954 page https://www.suse.com/security/cve/CVE-2024-44960/ SUSE CVE CVE-2024-44960 page https://www.suse.com/security/cve/CVE-2024-44961/ SUSE CVE CVE-2024-44961 page https://www.suse.com/security/cve/CVE-2024-44962/ SUSE CVE CVE-2024-44962 page https://www.suse.com/security/cve/CVE-2024-44965/ SUSE CVE CVE-2024-44965 page https://www.suse.com/security/cve/CVE-2024-44967/ SUSE CVE CVE-2024-44967 page https://www.suse.com/security/cve/CVE-2024-44969/ SUSE CVE CVE-2024-44969 page https://www.suse.com/security/cve/CVE-2024-44970/ SUSE CVE CVE-2024-44970 page https://www.suse.com/security/cve/CVE-2024-44971/ SUSE CVE CVE-2024-44971 page https://www.suse.com/security/cve/CVE-2024-44977/ SUSE CVE CVE-2024-44977 page https://www.suse.com/security/cve/CVE-2024-44982/ SUSE CVE CVE-2024-44982 page https://www.suse.com/security/cve/CVE-2024-44984/ SUSE CVE CVE-2024-44984 page https://www.suse.com/security/cve/CVE-2024-44985/ SUSE CVE CVE-2024-44985 page https://www.suse.com/security/cve/CVE-2024-44986/ SUSE CVE CVE-2024-44986 page https://www.suse.com/security/cve/CVE-2024-44987/ SUSE CVE CVE-2024-44987 page https://www.suse.com/security/cve/CVE-2024-44988/ SUSE CVE CVE-2024-44988 page https://www.suse.com/security/cve/CVE-2024-44989/ SUSE CVE CVE-2024-44989 page https://www.suse.com/security/cve/CVE-2024-44990/ SUSE CVE CVE-2024-44990 page https://www.suse.com/security/cve/CVE-2024-44991/ SUSE CVE CVE-2024-44991 page https://www.suse.com/security/cve/CVE-2024-44997/ SUSE CVE CVE-2024-44997 page https://www.suse.com/security/cve/CVE-2024-44998/ SUSE CVE CVE-2024-44998 page https://www.suse.com/security/cve/CVE-2024-44999/ SUSE CVE CVE-2024-44999 page https://www.suse.com/security/cve/CVE-2024-45000/ SUSE CVE CVE-2024-45000 page https://www.suse.com/security/cve/CVE-2024-45001/ SUSE CVE CVE-2024-45001 page https://www.suse.com/security/cve/CVE-2024-45002/ SUSE CVE CVE-2024-45002 page https://www.suse.com/security/cve/CVE-2024-45003/ SUSE CVE CVE-2024-45003 page https://www.suse.com/security/cve/CVE-2024-45005/ SUSE CVE CVE-2024-45005 page https://www.suse.com/security/cve/CVE-2024-45006/ SUSE CVE CVE-2024-45006 page https://www.suse.com/security/cve/CVE-2024-45007/ SUSE CVE CVE-2024-45007 page https://www.suse.com/security/cve/CVE-2024-45008/ SUSE CVE CVE-2024-45008 page https://www.suse.com/security/cve/CVE-2024-45011/ SUSE CVE CVE-2024-45011 page https://www.suse.com/security/cve/CVE-2024-45012/ SUSE CVE CVE-2024-45012 page https://www.suse.com/security/cve/CVE-2024-45013/ SUSE CVE CVE-2024-45013 page https://www.suse.com/security/cve/CVE-2024-45015/ SUSE CVE CVE-2024-45015 page https://www.suse.com/security/cve/CVE-2024-45017/ SUSE CVE CVE-2024-45017 page https://www.suse.com/security/cve/CVE-2024-45018/ SUSE CVE CVE-2024-45018 page https://www.suse.com/security/cve/CVE-2024-45019/ SUSE CVE CVE-2024-45019 page https://www.suse.com/security/cve/CVE-2024-45020/ SUSE CVE CVE-2024-45020 page https://www.suse.com/security/cve/CVE-2024-45021/ SUSE CVE CVE-2024-45021 page https://www.suse.com/security/cve/CVE-2024-45022/ SUSE CVE CVE-2024-45022 page https://www.suse.com/security/cve/CVE-2024-45023/ SUSE CVE CVE-2024-45023 page https://www.suse.com/security/cve/CVE-2024-45026/ SUSE CVE CVE-2024-45026 page https://www.suse.com/security/cve/CVE-2024-45028/ SUSE CVE CVE-2024-45028 page https://www.suse.com/security/cve/CVE-2024-45029/ SUSE CVE CVE-2024-45029 page https://www.suse.com/security/cve/CVE-2024-45030/ SUSE CVE CVE-2024-45030 page https://www.suse.com/security/cve/CVE-2024-46672/ SUSE CVE CVE-2024-46672 page https://www.suse.com/security/cve/CVE-2024-46673/ SUSE CVE CVE-2024-46673 page https://www.suse.com/security/cve/CVE-2024-46674/ SUSE CVE CVE-2024-46674 page https://www.suse.com/security/cve/CVE-2024-46675/ SUSE CVE CVE-2024-46675 page https://www.suse.com/security/cve/CVE-2024-46676/ SUSE CVE CVE-2024-46676 page https://www.suse.com/security/cve/CVE-2024-46677/ SUSE CVE CVE-2024-46677 page https://www.suse.com/security/cve/CVE-2024-46679/ SUSE CVE CVE-2024-46679 page https://www.suse.com/security/cve/CVE-2024-46685/ SUSE CVE CVE-2024-46685 page https://www.suse.com/security/cve/CVE-2024-46686/ SUSE CVE CVE-2024-46686 page https://www.suse.com/security/cve/CVE-2024-46687/ SUSE CVE CVE-2024-46687 page https://www.suse.com/security/cve/CVE-2024-46689/ SUSE CVE CVE-2024-46689 page https://www.suse.com/security/cve/CVE-2024-46691/ SUSE CVE CVE-2024-46691 page https://www.suse.com/security/cve/CVE-2024-46692/ SUSE CVE CVE-2024-46692 page https://www.suse.com/security/cve/CVE-2024-46693/ SUSE CVE CVE-2024-46693 page https://www.suse.com/security/cve/CVE-2024-46694/ SUSE CVE CVE-2024-46694 page https://www.suse.com/security/cve/CVE-2024-46695/ SUSE CVE CVE-2024-46695 page https://www.suse.com/security/cve/CVE-2024-46702/ SUSE CVE CVE-2024-46702 page https://www.suse.com/security/cve/CVE-2024-46706/ SUSE CVE CVE-2024-46706 page https://www.suse.com/security/cve/CVE-2024-46707/ SUSE CVE CVE-2024-46707 page https://www.suse.com/security/cve/CVE-2024-46709/ SUSE CVE CVE-2024-46709 page https://www.suse.com/security/cve/CVE-2024-46710/ SUSE CVE CVE-2024-46710 page https://www.suse.com/security/cve/CVE-2024-46714/ SUSE CVE CVE-2024-46714 page https://www.suse.com/security/cve/CVE-2024-46715/ SUSE CVE CVE-2024-46715 page https://www.suse.com/security/cve/CVE-2024-46716/ SUSE CVE CVE-2024-46716 page https://www.suse.com/security/cve/CVE-2024-46717/ SUSE CVE CVE-2024-46717 page https://www.suse.com/security/cve/CVE-2024-46719/ SUSE CVE CVE-2024-46719 page https://www.suse.com/security/cve/CVE-2024-46720/ SUSE CVE CVE-2024-46720 page https://www.suse.com/security/cve/CVE-2024-46722/ SUSE CVE CVE-2024-46722 page https://www.suse.com/security/cve/CVE-2024-46723/ SUSE CVE CVE-2024-46723 page https://www.suse.com/security/cve/CVE-2024-46724/ SUSE CVE CVE-2024-46724 page https://www.suse.com/security/cve/CVE-2024-46725/ SUSE CVE CVE-2024-46725 page https://www.suse.com/security/cve/CVE-2024-46726/ SUSE CVE CVE-2024-46726 page https://www.suse.com/security/cve/CVE-2024-46728/ SUSE CVE CVE-2024-46728 page https://www.suse.com/security/cve/CVE-2024-46729/ SUSE CVE CVE-2024-46729 page https://www.suse.com/security/cve/CVE-2024-46730/ SUSE CVE CVE-2024-46730 page https://www.suse.com/security/cve/CVE-2024-46731/ SUSE CVE CVE-2024-46731 page https://www.suse.com/security/cve/CVE-2024-46732/ SUSE CVE CVE-2024-46732 page https://www.suse.com/security/cve/CVE-2024-46734/ SUSE CVE CVE-2024-46734 page https://www.suse.com/security/cve/CVE-2024-46735/ SUSE CVE CVE-2024-46735 page https://www.suse.com/security/cve/CVE-2024-46737/ SUSE CVE CVE-2024-46737 page https://www.suse.com/security/cve/CVE-2024-46738/ SUSE CVE CVE-2024-46738 page https://www.suse.com/security/cve/CVE-2024-46739/ SUSE CVE CVE-2024-46739 page https://www.suse.com/security/cve/CVE-2024-46741/ SUSE CVE CVE-2024-46741 page https://www.suse.com/security/cve/CVE-2024-46743/ SUSE CVE CVE-2024-46743 page https://www.suse.com/security/cve/CVE-2024-46744/ SUSE CVE CVE-2024-46744 page https://www.suse.com/security/cve/CVE-2024-46745/ SUSE CVE CVE-2024-46745 page https://www.suse.com/security/cve/CVE-2024-46746/ SUSE CVE CVE-2024-46746 page https://www.suse.com/security/cve/CVE-2024-46747/ SUSE CVE CVE-2024-46747 page https://www.suse.com/security/cve/CVE-2024-46749/ SUSE CVE CVE-2024-46749 page https://www.suse.com/security/cve/CVE-2024-46750/ SUSE CVE CVE-2024-46750 page https://www.suse.com/security/cve/CVE-2024-46751/ SUSE CVE CVE-2024-46751 page https://www.suse.com/security/cve/CVE-2024-46752/ SUSE CVE CVE-2024-46752 page https://www.suse.com/security/cve/CVE-2024-46753/ SUSE CVE CVE-2024-46753 page https://www.suse.com/security/cve/CVE-2024-46755/ SUSE CVE CVE-2024-46755 page https://www.suse.com/security/cve/CVE-2024-46756/ SUSE CVE CVE-2024-46756 page https://www.suse.com/security/cve/CVE-2024-46757/ SUSE CVE CVE-2024-46757 page https://www.suse.com/security/cve/CVE-2024-46758/ SUSE CVE CVE-2024-46758 page https://www.suse.com/security/cve/CVE-2024-46759/ SUSE CVE CVE-2024-46759 page https://www.suse.com/security/cve/CVE-2024-46760/ SUSE CVE CVE-2024-46760 page https://www.suse.com/security/cve/CVE-2024-46761/ SUSE CVE CVE-2024-46761 page https://www.suse.com/security/cve/CVE-2024-46767/ SUSE CVE CVE-2024-46767 page https://www.suse.com/security/cve/CVE-2024-46771/ SUSE CVE CVE-2024-46771 page https://www.suse.com/security/cve/CVE-2024-46772/ SUSE CVE CVE-2024-46772 page https://www.suse.com/security/cve/CVE-2024-46773/ SUSE CVE CVE-2024-46773 page https://www.suse.com/security/cve/CVE-2024-46774/ SUSE CVE CVE-2024-46774 page https://www.suse.com/security/cve/CVE-2024-46776/ SUSE CVE CVE-2024-46776 page https://www.suse.com/security/cve/CVE-2024-46778/ SUSE CVE CVE-2024-46778 page https://www.suse.com/security/cve/CVE-2024-46780/ SUSE CVE CVE-2024-46780 page https://www.suse.com/security/cve/CVE-2024-46781/ SUSE CVE CVE-2024-46781 page https://www.suse.com/security/cve/CVE-2024-46783/ SUSE CVE CVE-2024-46783 page https://www.suse.com/security/cve/CVE-2024-46784/ SUSE CVE CVE-2024-46784 page https://www.suse.com/security/cve/CVE-2024-46786/ SUSE CVE CVE-2024-46786 page https://www.suse.com/security/cve/CVE-2024-46787/ SUSE CVE CVE-2024-46787 page https://www.suse.com/security/cve/CVE-2024-46791/ SUSE CVE CVE-2024-46791 page https://www.suse.com/security/cve/CVE-2024-46794/ SUSE CVE CVE-2024-46794 page https://www.suse.com/security/cve/CVE-2024-46797/ SUSE CVE CVE-2024-46797 page https://www.suse.com/security/cve/CVE-2024-46798/ SUSE CVE CVE-2024-46798 page https://www.suse.com/security/cve/CVE-2024-46822/ SUSE CVE CVE-2024-46822 page SUSE Linux Micro 6.0 kernel-default-6.4.0-20.1 kernel-default-base-6.4.0-17.1.1.51 kernel-default-livepatch-6.4.0-20.1 kernel-devel-6.4.0-20.1 kernel-kvmsmall-6.4.0-20.1 kernel-livepatch-6_4_0-20-default-1-1.2 kernel-macros-6.4.0-20.1 kernel-source-6.4.0-20.1 kernel-default-6.4.0-20.1 as a component of SUSE Linux Micro 6.0 kernel-default-base-6.4.0-17.1.1.51 as a component of SUSE Linux Micro 6.0 kernel-default-livepatch-6.4.0-20.1 as a component of SUSE Linux Micro 6.0 kernel-devel-6.4.0-20.1 as a component of SUSE Linux Micro 6.0 kernel-kvmsmall-6.4.0-20.1 as a component of SUSE Linux Micro 6.0 kernel-livepatch-6_4_0-20-default-1-1.2 as a component of SUSE Linux Micro 6.0 kernel-macros-6.4.0-20.1 as a component of SUSE Linux Micro 6.0 kernel-source-6.4.0-20.1 as a component of SUSE Linux Micro 6.0 In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph which is not straightforward. However when frags arrive out of order, nobody unref the last frag, and all frags are leaked. The situation is even worse, as initiating packet capture can lead to a crash[0] when skb has been cloned and shared at the same time. Fix the issue by removing skb_get() before defragmentation. act_ct returns TC_ACT_CONSUMED when defrag failed or in progress. [0]: [ 843.804823] ------------[ cut here ]------------ [ 843.809659] kernel BUG at net/core/skbuff.c:2091! [ 843.814516] invalid opcode: 0000 [#1] PREEMPT SMP [ 843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2 [ 843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022 [ 843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300 [ 843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b <0f> 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89 [ 843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202 [ 843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820 [ 843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00 [ 843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000 [ 843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880 [ 843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900 [ 843.871680] FS: 0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000 [ 843.876242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 0000000000770ef0 [ 843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 843.894229] PKRU: 55555554 [ 843.898539] Call Trace: [ 843.902772] <IRQ> [ 843.906922] ? __die_body+0x1e/0x60 [ 843.911032] ? die+0x3c/0x60 [ 843.915037] ? do_trap+0xe2/0x110 [ 843.918911] ? pskb_expand_head+0x2ac/0x300 [ 843.922687] ? do_error_trap+0x65/0x80 [ 843.926342] ? pskb_expand_head+0x2ac/0x300 [ 843.929905] ? exc_invalid_op+0x50/0x60 [ 843.933398] ? pskb_expand_head+0x2ac/0x300 [ 843.936835] ? asm_exc_invalid_op+0x1a/0x20 [ 843.940226] ? pskb_expand_head+0x2ac/0x300 [ 843.943580] inet_frag_reasm_prepare+0xd1/0x240 [ 843.946904] ip_defrag+0x5d4/0x870 [ 843.950132] nf_ct_handle_fragments+0xec/0x130 [nf_conntrack] [ 843.953334] tcf_ct_act+0x252/0xd90 [act_ct] [ 843.956473] ? tcf_mirred_act+0x516/0x5a0 [act_mirred] [ 843.959657] tcf_action_exec+0xa1/0x160 [ 843.962823] fl_classify+0x1db/0x1f0 [cls_flower] [ 843.966010] ? skb_clone+0x53/0xc0 [ 843.969173] tcf_classify+0x24d/0x420 [ 843.972333] tc_run+0x8f/0xf0 [ 843.975465] __netif_receive_skb_core+0x67a/0x1080 [ 843.978634] ? dev_gro_receive+0x249/0x730 [ 843.981759] __netif_receive_skb_list_core+0x12d/0x260 [ 843.984869] netif_receive_skb_list_internal+0x1cb/0x2f0 [ 843.987957] ? mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core] [ 843.991170] napi_complete_done+0x72/0x1a0 [ 843.994305] mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core] [ 843.997501] __napi_poll+0x25/0x1b0 [ 844.000627] net_rx_action+0x256/0x330 [ 844.003705] __do_softirq+0xb3/0x29b [ 844.006718] irq_exit_rcu+0x9e/0xc0 [ 844.009672] common_interrupt+0x86/0xa0 [ 844.012537] </IRQ> [ 844.015285] <TASK> [ 844.017937] asm_common_interrupt+0x26/0x40 [ 844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20 [ 844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb ---truncated--- CVE-2023-52610 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2023-52610.html CVE-2023-52610 https://bugzilla.suse.com/1221610 SUSE Bug 1221610 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] <TASK> [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381 CVE-2023-52752 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2023-52752.html CVE-2023-52752 https://bugzilla.suse.com/1225487 SUSE Bug 1225487 https://bugzilla.suse.com/1225819 SUSE Bug 1225819 In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") CVE-2023-52915 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2023-52915.html CVE-2023-52915 https://bugzilla.suse.com/1230270 SUSE Bug 1230270 In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this issue: 1. Use 1600x900 to display on host 2. Mount ISO through 'Virtual media' on OpenBMC's web 3. Run script as below on host to do sha continuously #!/bin/bash while [ [1] ]; do find /media -type f -printf '"%h/%f"\n' | xargs sha256sum done 4. Open KVM on OpenBMC's web The size of macro block captured is 8x8. Therefore, we should make sure the height of src-buf is 8 aligned to fix this issue. CVE-2023-52916 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2023-52916.html CVE-2023-52916 https://bugzilla.suse.com/1230269 SUSE Bug 1230269 In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must not be a compound one. - page->mapping must be NULL. This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy. r3 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0) fallocate(r5, 0x0, 0x0, 0x85b8) sendfile(r4, r5, 0x0, 0x8ba0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0) CVE-2024-26640 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-26640.html CVE-2024-26640 https://bugzilla.suse.com/1221650 SUSE Bug 1221650 In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page() do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B> swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt> <finished swapin first> ... set_pte_at() swap_free() <- entry is free <write to page B, now page A stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! And besides, for ZRAM, swap_free() allows the swap device to discard the entry content, so even if page (B) is not modified, if swap_read_folio() on CPU0 happens later than swap_free() on CPU1, it may also cause data loss. To fix this, reuse swapcache_prepare which will pin the swap entry using the cache flag, and allow only one thread to swap it in, also prevent any parallel code from putting the entry in the cache. Release the pin after PT unlocked. Racers just loop and wait since it's a rare and very short event. A schedule_timeout_uninterruptible(1) call is added to avoid repeated page faults wasting too much CPU, causing livelock or adding too much noise to perf statistics. A similar livelock issue was described in commit 029c4628b2eb ("mm: swap: get rid of livelock in swapin readahead") Reproducer: This race issue can be triggered easily using a well constructed reproducer and patched brd (with a delay in read path) [1]: With latest 6.8 mainline, race caused data loss can be observed easily: $ gcc -g -lpthread test-thread-swap-race.c && ./a.out Polulating 32MB of memory region... Keep swapping out... Starting round 0... Spawning 65536 workers... 32746 workers spawned, wait for done... Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! Round 0 Failed, 15 data loss! This reproducer spawns multiple threads sharing the same memory region using a small swap device. Every two threads updates mapped pages one by one in opposite direction trying to create a race, with one dedicated thread keep swapping out the data out using madvise. The reproducer created a reproduce rate of about once every 5 minutes, so the race should be totally possible in production. After this patch, I ran the reproducer for over a few hundred rounds and no data loss observed. Performance overhead is minimal, microbenchmark swapin 10G from 32G zram: Before: 10934698 us After: 11157121 us Cached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag) [kasong@tencent.com: v4] CVE-2024-26759 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-26759.html CVE-2024-26759 https://bugzilla.suse.com/1230340 SUSE Bug 1230340 In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191 [..] kasan_report+0xda/0x110 mm/kasan/report.c:588 __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline] ___skb_get_hash net/core/flow_dissector.c:1791 [inline] __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856 skb_get_hash include/linux/skbuff.h:1556 [inline] ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748 ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592 ... ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 .. iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831 ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 ... The splat occurs because skb->data points past skb->head allocated area. This is because neigh layer does: __skb_pull(skb, skb_network_offset(skb)); ... but skb_network_offset() returns a negative offset and __skb_pull() arg is unsigned. IOW, we skb->data gets "adjusted" by a huge value. The negative value is returned because skb->head and skb->data distance is more than 64k and skb->network_header (u16) has wrapped around. The bug is in the ip_tunnel infrastructure, which can cause dev->needed_headroom to increment ad infinitum. The syzkaller reproducer consists of packets getting routed via a gre tunnel, and route of gre encapsulated packets pointing at another (ipip) tunnel. The ipip encapsulation finds gre0 as next output device. This results in the following pattern: 1). First packet is to be sent out via gre0. Route lookup found an output device, ipip0. 2). ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future output device, rt.dev->needed_headroom (ipip0). 3). ip output / start_xmit moves skb on to ipip0. which runs the same code path again (xmit recursion). 4). Routing step for the post-gre0-encap packet finds gre0 as output device to use for ipip0 encapsulated packet. tunl0->needed_headroom is then incremented based on the (already bumped) gre0 device headroom. This repeats for every future packet: gre0->needed_headroom gets inflated because previous packets' ipip0 step incremented rt->dev (gre0) headroom, and ipip0 incremented because gre0 needed_headroom was increased. For each subsequent packet, gre/ipip0->needed_headroom grows until post-expand-head reallocations result in a skb->head/data distance of more than 64k. Once that happens, skb->network_header (u16) wraps around when pskb_expand_head tries to make sure that skb_network_offset() is unchanged after the headroom expansion/reallocation. After this skb_network_offset(skb) returns a different (and negative) result post headroom expansion. The next trip to neigh layer (or anything else that would __skb_pull the network header) makes skb->data point to a memory location outside skb->head area. v2: Cap the needed_headroom update to an arbitarily chosen upperlimit to prevent perpetual increase instead of dropping the headroom increment completely. CVE-2024-26804 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-26804.html CVE-2024-26804 https://bugzilla.suse.com/1222629 SUSE Bug 1222629 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. CVE-2024-36953 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-36953.html CVE-2024-36953 https://bugzilla.suse.com/1225812 SUSE Bug 1225812 In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we can actually pull that amount instead of assuming. Tested with dropwatch: drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3) origin: software timestamp: Mon May 13 11:31:53 2024 778214037 nsec protocol: 0x88a8 length: 2 original length: 2 drop reason: PKT_TOO_SMALL [1] BUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65 br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65 __netdev_start_xmit include/linux/netdevice.h:4903 [inline] netdev_start_xmit include/linux/netdevice.h:4917 [inline] xmit_one net/core/dev.c:3531 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547 __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341 dev_queue_xmit include/linux/netdevice.h:3091 [inline] __bpf_tx_skb net/core/filter.c:2136 [inline] __bpf_redirect_common net/core/filter.c:2180 [inline] __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187 ____bpf_clone_redirect net/core/filter.c:2460 [inline] bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997 __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425 bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058 bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678 __do_sys_bpf kernel/bpf/syscall.c:5767 [inline] __se_sys_bpf kernel/bpf/syscall.c:5765 [inline] __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765 x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2024-38538 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-38538.html CVE-2024-38538 https://bugzilla.suse.com/1226606 SUSE Bug 1226606 In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg write (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28: unix_release_sock (net/unix/af_unix.c:640) unix_release (net/unix/af_unix.c:1050) sock_close (net/socket.c:659 net/socket.c:1421) __fput (fs/file_table.c:422) __fput_sync (fs/file_table.c:508) __se_sys_close (fs/open.c:1559 fs/open.c:1541) __x64_sys_close (fs/open.c:1541) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) read to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14: unix_stream_sendmsg (net/unix/af_unix.c:2273) __sock_sendmsg (net/socket.c:730 net/socket.c:745) ____sys_sendmsg (net/socket.c:2584) __sys_sendmmsg (net/socket.c:2638 net/socket.c:2724) __x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x01 -> 0x03 The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7"). Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.") addressed a comparable issue in the past regarding sk->sk_shutdown. However, it overlooked resolving this particular data path. This patch only offending unix_stream_sendmsg() function, since the other reads seem to be protected by unix_state_lock() as discussed in CVE-2024-38596 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-38596.html CVE-2024-38596 https://bugzilla.suse.com/1226846 SUSE Bug 1226846 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak. CVE-2024-38632 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-38632.html CVE-2024-38632 https://bugzilla.suse.com/1226860 SUSE Bug 1226860 In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic32x4 audio codec to the system. When this clock provider adds its clock, the clk mutex is locked already, it needs to access i2c, which in return needs the mutex for clk_get_rate as well. CVE-2024-40965 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-40965.html CVE-2024-40965 https://bugzilla.suse.com/1227885 SUSE Bug 1227885 In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. CVE-2024-40973 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-40973.html CVE-2024-40973 https://bugzilla.suse.com/1227890 SUSE Bug 1227890 In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering the xfrm type handlers"): "Crypto requests might return asynchronous. In this case we leave the rcu protected region, so force a refcount on the skb's destination entry before we enter the xfrm type input/output handlers." On TIPC decryption path it has the same problem, and skb_dst_force() should be called before doing decryption to avoid a possible crash. Shuang reported this issue when this warning is triggered: [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug [] Workqueue: crypto cryptd_queue_worker [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc] [] Call Trace: [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc] [] tipc_rcv+0xcf5/0x1060 [tipc] [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc] [] cryptd_aead_crypt+0xdb/0x190 [] cryptd_queue_worker+0xed/0x190 [] process_one_work+0x93d/0x17e0 CVE-2024-40983 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-40983.html CVE-2024-40983 https://bugzilla.suse.com/1227819 SUSE Bug 1227819 In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated). CVE-2024-42154 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-42154.html CVE-2024-42154 https://bugzilla.suse.com/1228507 SUSE Bug 1228507 In the Linux kernel, the following vulnerability has been resolved: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from the WARN_ON() statement in xas_split_alloc(). In our test whose code is attached below, we hit the WARN_ON() on ARM64 system where the base page size is 64KB and huge page size is 512MB. The issue was reported long time ago and some discussions on it can be found here [1]. [1] https://www.spinics.net/lists/linux-xfs/msg75404.html In order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to one supported by xarray and avoid PMD-sized page cache if needed. The code changes are suggested by David Hildenbrand. PATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarray PATCH[2-3] avoids PMD-sized page cache in the synchronous readahead path PATCH[4] avoids PMD-sized page cache for shmem files if needed Test program ============ # cat test.c #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <fcntl.h> #include <errno.h> #include <sys/syscall.h> #include <sys/mman.h> #define TEST_XFS_FILENAME "/tmp/data" #define TEST_SHMEM_FILENAME "/dev/shm/data" #define TEST_MEM_SIZE 0x20000000 int main(int argc, char **argv) { const char *filename; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret; if (pgsize != 0x10000) { fprintf(stderr, "64KB base page size is required\n"); return -EPERM; } system("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled"); system("rm -fr /tmp/data"); system("rm -fr /dev/shm/data"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open xfs or shmem file */ filename = TEST_XFS_FILENAME; if (argc > 1 && !strcmp(argv[1], "shmem")) filename = TEST_SHMEM_FILENAME; fd = open(filename, O_CREAT | O_RDWR | O_TRUNC); if (fd < 0) { fprintf(stderr, "Unable to open <%s>\n", filename); return -EIO; } /* Extend file size */ ret = ftruncate(fd, TEST_MEM_SIZE); if (ret) { fprintf(stderr, "Error %d to ftruncate()\n", ret); goto cleanup; } /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (buf == (void *)-1) { fprintf(stderr, "Unable to mmap <%s>\n", filename); goto cleanup; } fprintf(stdout, "mapped buffer at 0x%p\n", buf); ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); if (ret) { fprintf(stderr, "Unable to madvise(MADV_HUGEPAGE)\n"); goto cleanup; } /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_WRITE); if (ret) { fprintf(stderr, "Error %d to madvise(MADV_POPULATE_WRITE)\n", ret); goto cleanup; } /* Punch the file to enforce xarray split */ ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); if (ret) fprintf(stderr, "Error %d to fallocate()\n", ret); cleanup: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return 0; } # gcc test.c -o test # cat /proc/1/smaps | grep KernelPageSize | head -n 1 KernelPageSize: 64 kB # ./test shmem : ------------[ cut here ]------------ WARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon \ drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ virtio_net sha1_ce net_failover failover virtio_console virtio_blk \ dimlib virtio_mmio CPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TC ---truncated--- CVE-2024-42243 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-42243.html CVE-2024-42243 https://bugzilla.suse.com/1229001 SUSE Bug 1229001 In the Linux kernel, the following vulnerability has been resolved: closures: Change BUG_ON() to WARN_ON() If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON() For reference, this has popped up once in the CI, and we'll need more info to debug it: 03240 ------------[ cut here ]------------ 03240 kernel BUG at lib/closure.c:21! 03240 kernel BUG at lib/closure.c:21! 03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP 03240 Modules linked in: 03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not tainted 6.10.0-rc4-ktest-ga56da69799bd #25570 03240 Hardware name: linux,dummy-virt (DT) 03240 Workqueue: btree_update btree_interior_update_work 03240 pstate: 00001005 (nzcv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--) 03240 pc : closure_put+0x224/0x2a0 03240 lr : closure_put+0x24/0x2a0 03240 sp : ffff0000d12071c0 03240 x29: ffff0000d12071c0 x28: dfff800000000000 x27: ffff0000d1207360 03240 x26: 0000000000000040 x25: 0000000000000040 x24: 0000000000000040 03240 x23: ffff0000c1f20180 x22: 0000000000000000 x21: ffff0000c1f20168 03240 x20: 0000000040000000 x19: ffff0000c1f20140 x18: 0000000000000001 03240 x17: 0000000000003aa0 x16: 0000000000003ad0 x15: 1fffe0001c326974 03240 x14: 0000000000000a1e x13: 0000000000000000 x12: 1fffe000183e402d 03240 x11: ffff6000183e402d x10: dfff800000000000 x9 : ffff6000183e402e 03240 x8 : 0000000000000001 x7 : 00009fffe7c1bfd3 x6 : ffff0000c1f2016b 03240 x5 : ffff0000c1f20168 x4 : ffff6000183e402e x3 : ffff800081391954 03240 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000a8000000 03240 Call trace: 03240 closure_put+0x224/0x2a0 03240 bch2_check_for_deadlock+0x910/0x1028 03240 bch2_six_check_for_deadlock+0x1c/0x30 03240 six_lock_slowpath.isra.0+0x29c/0xed0 03240 six_lock_ip_waiter+0xa8/0xf8 03240 __bch2_btree_node_lock_write+0x14c/0x298 03240 bch2_trans_lock_write+0x6d4/0xb10 03240 __bch2_trans_commit+0x135c/0x5520 03240 btree_interior_update_work+0x1248/0x1c10 03240 process_scheduled_works+0x53c/0xd90 03240 worker_thread+0x370/0x8c8 03240 kthread+0x258/0x2e8 03240 ret_from_fork+0x10/0x20 03240 Code: aa1303e0 d63f0020 a94363f7 17ffff8c (d4210000) 03240 ---[ end trace 0000000000000000 ]--- 03240 Kernel panic - not syncing: Oops - BUG: Fatal exception 03240 SMP: stopping secondary CPUs 03241 SMP: failed to stop secondary CPUs 13,15 03241 Kernel Offset: disabled 03241 CPU features: 0x00,00000003,80000008,4240500b 03241 Memory Limit: none 03241 ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]--- 03246 ========= FAILED TIMEOUT copygc_torture_no_checksum in 7200s CVE-2024-42252 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-42252.html CVE-2024-42252 https://bugzilla.suse.com/1229004 SUSE Bug 1229004 In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_locked(); the same solution applies - array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredicted path. CVE-2024-42265 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-42265.html CVE-2024-42265 https://bugzilla.suse.com/1229334 SUSE Bug 1229334 In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sd_remove & sd_release Our test report the following hung task: [ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q->mq_freeze_depth bdev_release mutex_lock(&disk->open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q->mq_freeze_depth) mutex_lock(&disk->open_mutex) SCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in this scenario. This is a classic ABBA deadlock. To fix the deadlock, make sure we don't try to acquire disk->open_mutex after freezing the queue. CVE-2024-42294 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-42294.html CVE-2024-42294 https://bugzilla.suse.com/1229371 SUSE Bug 1229371 In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creating files in this directory in the following flow. ext4_mknod ... ext4_add_entry // Read block 0 ext4_read_dirblock(dir, block, DIRENT) bh = ext4_bread(NULL, inode, block, 0) if (!bh && (type == INDEX || type == DIRENT_HTREE)) // The first directory block is a hole // But type == DIRENT, so no error is reported. After that, we get a directory block without '.' and '..' but with a valid dentry. This may cause some code that relies on dot or dotdot (such as make_indexed_dir()) to crash. Therefore when ext4_read_dirblock() finds that the first directory block is a hole report that the filesystem is corrupted and return an error to avoid loading corrupted data from disk causing something bad. CVE-2024-42304 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-42304.html CVE-2024-42304 https://bugzilla.suse.com/1229364 SUSE Bug 1229364 In the Linux kernel, the following vulnerability has been resolved: ext4: check dot and dotdot of dx_root before making dir indexed Syzbot reports a issue as follows: ============================================ BUG: unable to handle page fault for address: ffffed11022e24fe PGD 23ffee067 P4D 23ffee067 PUD 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0 Call Trace: <TASK> make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341 ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451 ext4_rename fs/ext4/namei.c:3936 [inline] ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214 [...] ============================================ The immediate cause of this problem is that there is only one valid dentry for the block to be split during do_split, so split==0 results in out of bounds accesses to the map triggering the issue. do_split unsigned split dx_make_map count = 1 split = count/2 = 0; continued = hash2 == map[split - 1].hash; ---> map[4294967295] The maximum length of a filename is 255 and the minimum block size is 1024, so it is always guaranteed that the number of entries is greater than or equal to 2 when do_split() is called. But syzbot's crafted image has no dot and dotdot in dir, and the dentry distribution in dirblock is as follows: bus dentry1 hole dentry2 free |xx--|xx-------------|...............|xx-------------|...............| 0 12 (8+248)=256 268 256 524 (8+256)=264 788 236 1024 So when renaming dentry1 increases its name_len length by 1, neither hole nor free is sufficient to hold the new dentry, and make_indexed_dir() is called. In make_indexed_dir() it is assumed that the first two entries of the dirblock must be dot and dotdot, so bus and dentry1 are left in dx_root because they are treated as dot and dotdot, and only dentry2 is moved to the new leaf block. That's why count is equal to 1. Therefore add the ext4_check_dx_root() helper function to add more sanity checks to dot and dotdot before starting the conversion to avoid the above issue. CVE-2024-42305 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-42305.html CVE-2024-42305 https://bugzilla.suse.com/1229363 SUSE Bug 1229363 In the Linux kernel, the following vulnerability has been resolved: udf: Avoid using corrupted block bitmap buffer When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. However the next allocation from the same bitmap will notice the bitmap buffer is already loaded and tries to allocate from the bitmap with mixed results (depending on the exact nature of the bitmap corruption). Fix the problem by using BH_verified bit to indicate whether the bitmap is valid or not. CVE-2024-42306 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-42306.html CVE-2024-42306 https://bugzilla.suse.com/1229362 SUSE Bug 1229362 In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039. This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range(). Thanks to Zhang Yi, for figuring out the real problem! CVE-2024-43828 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43828.html CVE-2024-43828 https://bugzilla.suse.com/1229394 SUSE Bug 1229394 In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and that a folio reference is held, as documented. After we dropped the PTL, the folio could get freed concurrently. So grab a temporary reference. CVE-2024-43832 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43832.html CVE-2024-43832 https://bugzilla.suse.com/1229380 SUSE Bug 1229380 In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix napi_skb_cache_put warning After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10 The issue arises because virtio is assuming it's running in NAPI context even when it's not, such as in the netpoll case. To resolve this, modify virtnet_poll_tx() to only set NAPI when budget is available. Same for virtnet_poll_cleantx(), which always assumed that it was in a NAPI context. CVE-2024-43835 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43835.html CVE-2024-43835 https://bugzilla.suse.com/1229289 SUSE Bug 1229289 In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation. CVE-2024-43845 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43845.html CVE-2024-43845 https://bugzilla.suse.com/1229389 SUSE Bug 1229389 In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via task_work. However failures while adding an event's callback to the task_work engine are ignored. And since the last call for events exit happen after task work is eventually closed, there is a small window during which pending sigtrap can be queued though ignored, leaking the event refcount addition such as in the following scenario: TASK A ----- do_exit() exit_task_work(tsk); <IRQ> perf_event_overflow() event->pending_sigtrap = pending_id; irq_work_queue(&event->pending_irq); </IRQ> =========> PREEMPTION: TASK A -> TASK B event_sched_out() event->pending_sigtrap = 0; atomic_long_inc_not_zero(&event->refcount) // FAILS: task work has exited task_work_add(&event->pending_task) [...] <IRQ WORK> perf_pending_irq() // early return: event->oncpu = -1 </IRQ WORK> [...] =========> TASK B -> TASK A perf_event_exit_task(tsk) perf_event_exit_event() free_event() WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1) // leak event due to unexpected refcount == 2 As a result the event is never released while the task exits. Fix this with appropriate task_work_add()'s error handling. CVE-2024-43870 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43870.html CVE-2024-43870 https://bugzilla.suse.com/1229494 SUSE Bug 1229494 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert an element into a full tracing_map using `__tracing_map_insert()`, it will cause an infinite loop with preemption disabled, leading to a CPU hang problem. Fix this by preventing any further increments to "tracing_map->next_elt" once it reaches "tracing_map->max_elt". CVE-2024-43890 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43890.html CVE-2024-43890 https://bugzilla.suse.com/1229764 SUSE Bug 1229764 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-43898 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43898.html CVE-2024-43898 https://bugzilla.suse.com/1229753 SUSE Bug 1229753 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables in the dcn30_apply_idle_power_optimizations function. These variables were previously assumed to be null at line 922, but they were used later in the code without checking if they were null. This could potentially lead to a null pointer dereference, which would cause a crash. The null checks ensure that 'stream' and 'plane' are not null before they are used, preventing potential crashes. Fixes the below static smatch checker: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922) drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922) CVE-2024-43904 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43904.html CVE-2024-43904 https://bugzilla.suse.com/1229768 SUSE Bug 1229768 In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON() can be triggerred by the test: kernel BUG at drivers/md/raid5.c:6278! invalid opcode: 0000 [#1] PREEMPT SMP PTI irq event stamp: 158985 CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94 RIP: 0010:reshape_request+0x3f1/0xe60 Call Trace: <TASK> raid5_sync_request+0x43d/0x550 md_do_sync+0xb7a/0x2110 md_thread+0x294/0x2b0 kthread+0x147/0x1c0 ret_from_fork+0x59/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Root cause is that --revert-reshape update the raid_disks from 5 to 4, while reshape position is still set, and after reassembling the array, reshape position will be read from super block, then during reshape the checking of 'writepos' that is caculated by old reshape position will fail. Fix this panic the easy way first, by converting the BUG_ON() to WARN_ON(), and stop the reshape if checkings fail. Noted that mdadm must fix --revert-shape as well, and probably md/raid should enhance metadata validation as well, however this means reassemble will fail and there must be user tools to fix the wrong metadata. CVE-2024-43914 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-43914.html CVE-2024-43914 https://bugzilla.suse.com/1229790 SUSE Bug 1229790 In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reuseport_add_sock(). [0] The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the same port and concurrently closes the first listener. The second listen() calls reuseport_add_sock() with the first listener as sk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently, but the close() does clear it by reuseport_detach_sock(). The problem is SCTP does not properly synchronise reuseport_alloc(), reuseport_add_sock(), and reuseport_detach_sock(). The caller of reuseport_alloc() and reuseport_{add,detach}_sock() must provide synchronisation for sockets that are classified into the same reuseport group. Otherwise, such sockets form multiple identical reuseport groups, and all groups except one would be silently dead. 1. Two sockets call listen() concurrently 2. No socket in the same group found in sctp_ep_hashtable[] 3. Two sockets call reuseport_alloc() and form two reuseport groups 4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives incoming packets Also, the reported null-ptr-deref could occur. TCP/UDP guarantees that would not happen by holding the hash bucket lock. Let's apply the locking strategy to __sctp_hash_endpoint() and __sctp_unhash_endpoint(). [0]: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 RIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350 Code: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14 RSP: 0018:ffffc9000b947c98 EFLAGS: 00010202 RAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012 RBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385 R10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0 R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __sctp_hash_endpoint net/sctp/input.c:762 [inline] sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790 sctp_listen_start net/sctp/socket.c:8570 [inline] sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625 __sys_listen_socket net/socket.c:1883 [inline] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [inline] __se_sys_listen net/socket.c:1900 [inline] __x64_sys_listen+0x5a/0x70 net/socket.c:1900 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f24e46039b9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 RAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9 RDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004 RBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0 R10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c R13: ---truncated--- CVE-2024-44935 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44935.html CVE-2024-44935 https://bugzilla.suse.com/1229810 SUSE Bug 1229810 In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace. CVE-2024-44944 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44944.html CVE-2024-44944 https://bugzilla.suse.com/1229899 SUSE Bug 1229899 In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by sk_stream_wait_memory() 3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb and puts the skb to the write queue 4. Thread A faces an error and finally frees skb that is already in the write queue 5. kcm_release() does double-free the skb in the write queue When a thread is building a MSG_MORE skb, another thread must not touch it. Let's add a per-sk mutex and serialise kcm_sendmsg(). [0]: BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline] BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline] BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline] BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167 CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call trace: dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x178/0x518 mm/kasan/report.c:488 kasan_report+0xd8/0x138 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 __skb_unlink include/linux/skbuff.h:2366 [inline] __skb_dequeue include/linux/skbuff.h:2385 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] __skb_queue_purge include/linux/skbuff.h:3181 [inline] kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 __sock_release net/socket.c:659 [inline] sock_close+0xa4/0x1e8 net/socket.c:1421 __fput+0x30c/0x738 fs/file_table.c:376 ____fput+0x20/0x30 fs/file_table.c:404 task_work_run+0x230/0x2e0 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x618/0x1f64 kernel/exit.c:871 do_group_exit+0x194/0x22c kernel/exit.c:1020 get_signal+0x1500/0x15ec kernel/signal.c:2893 do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Allocated by task 6166: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903 __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641 alloc_skb include/linux/skbuff.h:1296 [inline] kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x220/0x2c0 net/socket.c:768 splice_to_socket+0x7cc/0xd58 fs/splice.c:889 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0xec/0x1d8 fs/splice.c:1164 splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108 do_splice_direct_actor ---truncated--- CVE-2024-44946 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44946.html CVE-2024-44946 https://bugzilla.suse.com/1230015 SUSE Bug 1230015 https://bugzilla.suse.com/1230016 SUSE Bug 1230016 In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). CVE-2024-44947 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44947.html CVE-2024-44947 https://bugzilla.suse.com/1229456 SUSE Bug 1229456 https://bugzilla.suse.com/1230098 SUSE Bug 1230098 In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the MTRR capability MSR. So far all x86 CPUs which support MTRR have this separate bit set, so it went unnoticed that mtrr_save_state() does not check the capability bit before accessing the fixed MTRR MSRs. Though on a CPU that does not support the fixed MTRR capability this results in a #GP. The #GP itself is harmless because the RDMSR fault is handled gracefully, but results in a WARN_ON(). Add the missing capability check to prevent this. CVE-2024-44948 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44948.html CVE-2024-44948 https://bugzilla.suse.com/1230174 SUSE Bug 1230174 In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO thru the RHR register at address 0x00, but address 0x00 is mapped to DLL register, resulting in erroneous FIFO reading. Call graph example: sc16is7xx_startup(): entry sc16is7xx_ms_proc(): entry sc16is7xx_set_termios(): entry sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set sc16is7xx_port_irq() entry --> IIR is 0x0C sc16is7xx_handle_rx() entry sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is mapped to DLL (LCR=LCR_CONF_MODE_A) sc16is7xx_set_baud(): exit --> Restore access to general register set Fix the problem by claiming the efr_lock mutex when accessing the Special register set. CVE-2024-44950 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44950.html CVE-2024-44950 https://bugzilla.suse.com/1230180 SUSE Bug 1230180 In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on channel A is transmitted on channel B. In other words, the Tx buffer data on channel B is corrupted with data from channel A. The problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change EFR lock to operate on each channels"), which changed the EFR locking to operate on each channel instead of chip-wise. This commit has introduced a regression, because the EFR lock is used not only to protect the EFR registers access, but also, in a very obscure and undocumented way, to protect access to the data buffer, which is shared by the Tx and Rx handlers, but also by each channel of the IC. Fix this regression first by switching to kfifo_out_linear_ptr() in sc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer. Secondly, replace the chip-wise Rx buffer with a separate Rx buffer for each channel. CVE-2024-44951 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44951.html CVE-2024-44951 https://bugzilla.suse.com/1230181 SUSE Bug 1230181 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-44952 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44952.html CVE-2024-44952 https://bugzilla.suse.com/1230178 SUSE Bug 1230178 In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races. CVE-2024-44954 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44954.html CVE-2024-44954 https://bugzilla.suse.com/1230176 SUSE Bug 1230176 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets. CVE-2024-44960 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44960.html CVE-2024-44960 https://bugzilla.suse.com/1230191 SUSE Bug 1230191 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascading us to a hard reset. 1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/ (cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01) CVE-2024-44961 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44961.html CVE-2024-44961 https://bugzilla.suse.com/1230207 SUSE Bug 1230207 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel call this timer even after the driver unloaded, resulting in kernel panic. Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming. panic log: Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded: btnxpuart] CPU: 5 PID: 723 Comm: memtester Tainted: G O 6.6.23-lts-next-06207-g4aef2658ac28 #1 Hardware name: NXP i.MX95 19X19 board (DT) pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0xffff80007a2cf464 lr : call_timer_fn.isra.0+0x24/0x80 ... Call trace: 0xffff80007a2cf464 __run_timers+0x234/0x280 run_timer_softirq+0x20/0x40 __do_softirq+0x100/0x26c ____do_softirq+0x10/0x1c call_on_irq_stack+0x24/0x4c do_softirq_own_stack+0x1c/0x2c irq_exit_rcu+0xc0/0xdc el0_interrupt+0x54/0xd8 __el0_irq_handler_common+0x18/0x24 el0t_64_irq_handler+0x10/0x1c el0t_64_irq+0x190/0x194 Code: ???????? ???????? ???????? ???????? (????????) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0,c0000000,40028143,1000721b Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- CVE-2024-44962 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44962.html CVE-2024-44962 https://bugzilla.suse.com/1230213 SUSE Bug 1230213 In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end condition to malfunction, leading to a 'short' clone. Guess what happens when the user mapping has a short copy of the entry text? Use the correct increment form for addr to avoid alignment assumptions. CVE-2024-44965 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44965.html CVE-2024-44965 https://bugzilla.suse.com/1230221 SUSE Bug 1230221 In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector still refers to it, so this cleanup leaves behind a stale pointer in struct drm_connector.ddc. Bind the lifetime of the I2C adapter to the connector's lifetime by using DRM's managed release. When the DRM device goes away (after the Linux device) DRM will first clean up the connector and then clean up the I2C adapter. CVE-2024-44967 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44967.html CVE-2024-44967 https://bugzilla.suse.com/1230224 SUSE Bug 1230224 In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fails. For current use cases, this might result in a leak of few pages of memory in case of a rare hardware/firmware malfunction. CVE-2024-44969 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44969.html CVE-2024-44969 https://bugzilla.suse.com/1230200 SUSE Bug 1230200 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs with 0 consumed strides for the same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the same wqe which corrupts the linked list. Fix this scenario by accepting 0 sized consumed strides without unlinking the WQE again. CVE-2024-44970 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44970.html CVE-2024-44970 https://bugzilla.suse.com/1230209 SUSE Bug 1230209 In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct device * to increment the refcount. The current implementation does not decrement the refcount, which causes memory leak. This commit adds the missing phy_device_free() call to decrement the refcount via put_device() to balance the refcount. CVE-2024-44971 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44971.html CVE-2024-44971 https://bugzilla.suse.com/1230211 SUSE Bug 1230211 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442) CVE-2024-44977 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44977.html CVE-2024-44977 https://bugzilla.suse.com/1230217 SUSE Bug 1230217 In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails If the dpu_format_populate_layout() fails, then FB is prepared, but not cleaned up. This ends up leaking the pin_count on the GEM object and causes a splat during DRM file closure: msm_obj->pin_count WARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc [...] Call trace: update_lru_locked+0xc4/0xcc put_pages+0xac/0x100 msm_gem_free_object+0x138/0x180 drm_gem_object_free+0x1c/0x30 drm_gem_object_handle_put_unlocked+0x108/0x10c drm_gem_object_release_handle+0x58/0x70 idr_for_each+0x68/0xec drm_gem_release+0x28/0x40 drm_file_free+0x174/0x234 drm_release+0xb0/0x160 __fput+0xc0/0x2c8 __fput_sync+0x50/0x5c __arm64_sys_close+0x38/0x7c invoke_syscall+0x48/0x118 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x4c/0x120 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194 irq event stamp: 129818 hardirqs last enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124 hardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c softirqs last enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8 softirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20 Patchwork: https://patchwork.freedesktop.org/patch/600714/ CVE-2024-44982 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44982.html CVE-2024-44982 https://bugzilla.suse.com/1230204 SUSE Bug 1230204 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. This should have been removed when we let the page pool handle the DMA mapping. This bug causes the warning: WARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100 CPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G W 6.8.0-1010-gcp #11-Ubuntu Hardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024 RIP: 0010:iommu_dma_unmap_page+0xd5/0x100 Code: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 RSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c R10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000 R13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0 ? show_regs+0x6d/0x80 ? __warn+0x89/0x150 ? iommu_dma_unmap_page+0xd5/0x100 ? report_bug+0x16a/0x190 ? handle_bug+0x51/0xa0 ? exc_invalid_op+0x18/0x80 ? iommu_dma_unmap_page+0xd5/0x100 ? iommu_dma_unmap_page+0x35/0x100 dma_unmap_page_attrs+0x55/0x220 ? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f bnxt_rx_xdp+0x237/0x520 [bnxt_en] bnxt_rx_pkt+0x640/0xdd0 [bnxt_en] __bnxt_poll_work+0x1a1/0x3d0 [bnxt_en] bnxt_poll+0xaa/0x1e0 [bnxt_en] __napi_poll+0x33/0x1e0 net_rx_action+0x18a/0x2f0 CVE-2024-44984 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44984.html CVE-2024-44984 https://bugzilla.suse.com/1230240 SUSE Bug 1230240 In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If skb_expand_head() returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcu_read_lock() to prevent a possible UAF. CVE-2024-44985 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44985.html CVE-2024-44985 https://bugzilla.suse.com/1230206 SUSE Bug 1230206 In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive. CVE-2024-44986 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44986.html CVE-2024-44986 https://bugzilla.suse.com/1230230 SUSE Bug 1230230 In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has been fixed in commit a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()") Another potential issue in ip6_finish_output2() is handled in a separate patch. [1] BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 Read of size 8 at addr ffff88806dde4858 by task syz.1.380/6530 CPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588 rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 sock_write_iter+0x2dd/0x400 net/socket.c:1160 do_iter_readv_writev+0x60a/0x890 vfs_writev+0x37c/0xbb0 fs/read_write.c:971 do_writev+0x1b1/0x350 fs/read_write.c:1018 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f936bf79e79 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79 RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004 RBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8 </TASK> Allocated by task 6530: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3988 [inline] slab_alloc_node mm/slub.c:4037 [inline] kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044 dst_alloc+0x12b/0x190 net/core/dst.c:89 ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670 make_blackhole net/xfrm/xfrm_policy.c:3120 [inline] xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313 ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257 rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 45: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2252 [inline] slab_free mm/slub.c:4473 [inline] kmem_cache_free+0x145/0x350 mm/slub.c:4548 dst_destroy+0x2ac/0x460 net/core/dst.c:124 rcu_do_batch kernel/rcu/tree.c:2569 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree. ---truncated--- CVE-2024-44987 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44987.html CVE-2024-44987 https://bugzilla.suse.com/1230185 SUSE Bug 1230185 In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array). CVE-2024-44988 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44988.html CVE-2024-44988 https://bugzilla.suse.com/1230192 SUSE Bug 1230192 In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG: unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: error_code(0x0002) - not-present page kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (slave eni0np1): making interface the new active one kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014 kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel: bond0: (slave eni0np1): making interface the new active one kernel: Call Trace: kernel: <TASK> kernel: ? __die+0x1f/0x60 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? page_fault_oops+0x142/0x4c0 kernel: ? do_user_addr_fault+0x65/0x670 kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50 kernel: bond0: (slave eni0np1): making interface the new active one kernel: ? exc_page_fault+0x7b/0x180 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): making interface the new active one kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding] kernel: xfrm_output+0x61/0x3b0 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ip_push_pending_frames+0x56/0x80 CVE-2024-44989 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44989.html CVE-2024-44989 https://bugzilla.suse.com/1230193 SUSE Bug 1230193 In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer. CVE-2024-44990 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44990.html CVE-2024-44990 https://bugzilla.suse.com/1230194 SUSE Bug 1230194 In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch Its possible that two threads call tcp_sk_exit_batch() concurrently, once from the cleanup_net workqueue, once from a task that failed to clone a new netns. In the latter case, error unwinding calls the exit handlers in reverse order for the 'failed' netns. tcp_sk_exit_batch() calls tcp_twsk_purge(). Problem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"), this function picks up twsk in any dying netns, not just the one passed in via exit_batch list. This means that the error unwind of setup_net() can "steal" and destroy timewait sockets belonging to the exiting netns. This allows the netns exit worker to proceed to call WARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount)); without the expected 1 -> 0 transition, which then splats. At same time, error unwind path that is also running inet_twsk_purge() will splat as well: WARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 ... refcount_dec include/linux/refcount.h:351 [inline] inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70 inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221 inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304 tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522 ops_exit_list+0x128/0x180 net/core/net_namespace.c:178 setup_net+0x714/0xb40 net/core/net_namespace.c:375 copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508 create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110 ... because refcount_dec() of tw_refcount unexpectedly dropped to 0. This doesn't seem like an actual bug (no tw sockets got lost and I don't see a use-after-free) but as erroneous trigger of debug check. Add a mutex to force strict ordering: the task that calls tcp_twsk_purge() blocks other task from doing final _dec_and_test before mutex-owner has removed all tw sockets of dying netns. CVE-2024-44991 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44991.html CVE-2024-44991 https://bugzilla.suse.com/1230195 SUSE Bug 1230195 In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X. Previously, cb_priv was freed in mtk_wed_setup_tc_block() without marking NULL,and mtk_wed_setup_tc_block_cb() didn't check the value, too. Assign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL in mtk_wed_setup_tc_block_cb(). ---------- Unable to handle kernel paging request at virtual address 0072460bca32b4f5 Call trace: mtk_wed_setup_tc_block_cb+0x4/0x38 0xffffffc0794084bc tcf_block_playback_offloads+0x70/0x1e8 tcf_block_unbind+0x6c/0xc8 ... --------- CVE-2024-44997 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44997.html CVE-2024-44997 https://bugzilla.suse.com/1230232 SUSE Bug 1230232 In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released. CVE-2024-44998 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44998.html CVE-2024-44998 https://bugzilla.suse.com/1230171 SUSE Bug 1230171 In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Use pskb_inet_may_pull() to fix this issue. [1] BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 ipv6_pdp_find drivers/net/gtp.c:220 [inline] gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 __netdev_start_xmit include/linux/netdevice.h:4913 [inline] netdev_start_xmit include/linux/netdevice.h:4922 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596 __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423 dev_queue_xmit include/linux/netdevice.h:3105 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3145 [inline] packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2204 __do_sys_sendto net/socket.c:2216 [inline] __se_sys_sendto net/socket.c:2212 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3994 [inline] slab_alloc_node mm/slub.c:4037 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674 alloc_skb include/linux/skbuff.h:1320 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815 packet_alloc_skb net/packet/af_packet.c:2994 [inline] packet_snd net/packet/af_packet.c:3088 [inline] packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2204 __do_sys_sendto net/socket.c:2216 [inline] __se_sys_sendto net/socket.c:2212 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 CVE-2024-44999 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-44999.html CVE-2024-44999 https://bugzilla.suse.com/1230233 SUSE Bug 1230233 In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_rreq_write_to_cache_work RIP: 0010:cachefiles_prepare_write+0x30/0xa0 Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10 RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286 RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000 RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438 RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001 R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68 R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00 FS: 0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x70 ? page_fault_oops+0x15d/0x440 ? search_module_extables+0xe/0x40 ? fixup_exception+0x22/0x2f0 ? exc_page_fault+0x5f/0x100 ? asm_exc_page_fault+0x22/0x30 ? cachefiles_prepare_write+0x30/0xa0 netfs_rreq_write_to_cache_work+0x135/0x2e0 process_one_work+0x137/0x2c0 worker_thread+0x2e9/0x400 ? __pfx_worker_thread+0x10/0x10 kthread+0xcc/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Modules linked in: CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- This happened because fscache_cookie_state_machine() was slow and was still running while another process invoked fscache_unuse_cookie(); this led to a fscache_cookie_lru_do_one() call, setting the FSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by fscache_cookie_state_machine(), withdrawing the cookie via cachefiles_withdraw_cookie(), clearing cookie->cache_priv. At the same time, yet another process invoked cachefiles_prepare_write(), which found a NULL pointer in this code line: struct cachefiles_object *object = cachefiles_cres_object(cres); The next line crashes, obviously: struct cachefiles_cache *cache = object->volume->cache; During cachefiles_prepare_write(), the "n_accesses" counter is non-zero (via fscache_begin_operation()). The cookie must not be withdrawn until it drops to zero. The counter is checked by fscache_cookie_state_machine() before switching to FSCACHE_COOKIE_STATE_RELINQUISHING and FSCACHE_COOKIE_STATE_WITHDRAWING (in "case FSCACHE_COOKIE_STATE_FAILED"), but not for FSCACHE_COOKIE_STATE_LRU_DISCARDING ("case FSCACHE_COOKIE_STATE_ACTIVE"). This patch adds the missing check. With a non-zero access counter, the function returns and the next fscache_end_cookie_access() call will queue another fscache_cookie_state_machine() call to handle the still-pending FSCACHE_COOKIE_DO_LRU_DISCARD. CVE-2024-45000 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45000.html CVE-2024-45000 https://bugzilla.suse.com/1230170 SUSE Bug 1230170 In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() to create SKB. skb_shinfo(skb) is located at the end of skb, and its alignment is affected by the alloc_size passed into napi_build_skb(). The size needs to be aligned properly for better performance and atomic operations. Otherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic operations may panic on the skb_shinfo(skb)->dataref due to alignment fault. To fix this bug, add proper alignment to the alloc_size calculation. Sample panic info: [ 253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce [ 253.300900] Mem abort info: [ 253.301760] ESR = 0x0000000096000021 [ 253.302825] EC = 0x25: DABT (current EL), IL = 32 bits [ 253.304268] SET = 0, FnV = 0 [ 253.305172] EA = 0, S1PTW = 0 [ 253.306103] FSC = 0x21: alignment fault Call trace: __skb_clone+0xfc/0x198 skb_clone+0x78/0xe0 raw6_local_deliver+0xfc/0x228 ip6_protocol_deliver_rcu+0x80/0x500 ip6_input_finish+0x48/0x80 ip6_input+0x48/0xc0 ip6_sublist_rcv_finish+0x50/0x78 ip6_sublist_rcv+0x1cc/0x2b8 ipv6_list_rcv+0x100/0x150 __netif_receive_skb_list_core+0x180/0x220 netif_receive_skb_list_internal+0x198/0x2a8 __napi_poll+0x138/0x250 net_rx_action+0x148/0x330 handle_softirqs+0x12c/0x3a0 CVE-2024-45001 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45001.html CVE-2024-45001 https://bugzilla.suse.com/1230244 SUSE Bug 1230244 In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereference in error handling If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference. CVE-2024-45002 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45002.html CVE-2024-45002 https://bugzilla.suse.com/1230169 SUSE Bug 1230169 In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects all reclaimable inodes and mark them with I_FREEING flag at first, at that time, other processes will be stuck if they try getting these inodes (See function find_inode_fast), then the reclaiming process destroy the inodes by function dispose_list(). Some filesystems(eg. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen. Case 1: In function ext4_evict_inode(), the ea inode lookup could happen if ea_inode feature is enabled, the lookup process will be stuck under the evicting context like this: 1. File A has inode i_reg and an ea inode i_ea 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea 3. Then, following three processes running like this: PA PB echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // i_reg is added into lru, lru->i_ea->i_reg prune_icache_sb list_lru_walk_one inode_lru_isolate i_ea->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(i_reg) spin_unlock(&i_reg->i_lock) spin_unlock(lru_lock) rm file A i_reg->nlink = 0 iput(i_reg) // i_reg->nlink is 0, do evict ext4_evict_inode ext4_xattr_delete_inode ext4_xattr_inode_dec_ref_all ext4_xattr_inode_iget ext4_iget(i_ea->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(i_ea) ----→ AA deadlock dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&i_ea->i_state) Case 2: In deleted inode writing function ubifs_jnl_write_inode(), file deleting process holds BASEHD's wbuf->io_mutex while getting the xattr inode, which could race with inode reclaiming process(The reclaiming process could try locking BASEHD's wbuf->io_mutex in inode evicting function), then an ABBA deadlock problem would happen as following: 1. File A has inode ia and a xattr(with inode ixa), regular file B has inode ib and a xattr. 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa 3. Then, following three processes running like this: PA PB PC echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // ib and ia are added into lru, lru->ixa->ib->ia prune_icache_sb list_lru_walk_one inode_lru_isolate ixa->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(ib) spin_unlock(&ib->i_lock) spin_unlock(lru_lock) rm file B ib->nlink = 0 rm file A iput(ia) ubifs_evict_inode(ia) ubifs_jnl_delete_inode(ia) ubifs_jnl_write_inode(ia) make_reservation(BASEHD) // Lock wbuf->io_mutex ubifs_iget(ixa->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(ixa) | iput(ib) // ib->nlink is 0, do evict | ubifs_evict_inode | ubifs_jnl_delete_inode(ib) ↓ ubifs_jnl_write_inode ABBA deadlock ←-----make_reservation(BASEHD) dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&ixa->i_state) Fix the possible deadlock by using new inode state flag I_LRU_ISOLATING to pin the inode in memory while inode_lru_isolate( ---truncated--- CVE-2024-45003 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45003.html CVE-2024-45003 https://bugzilla.suse.com/1230245 SUSE Bug 1230245 In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.use_gisa=0" or by setting the related sysfs attribute to N (echo N >/sys/module/kvm/parameters/use_gisa). The validity is caused by an invalid value in the SIE control block's gisa designation. That happens because we pass the uninitialized gisa origin to virt_to_phys() before writing it to the gisa designation. To fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0. kvm_s390_get_gisa_desc() is used to determine which gisa designation to set in the SIE control block. A value of 0 in the gisa designation disables gisa usage. The issue surfaces in the host kernel with the following kernel message as soon a new kvm guest start is attemted. kvm: unhandled validity intercept 0x1011 WARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm] Modules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci] CPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6 Hardware name: IBM 3931 A01 701 (LPAR) Krnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm]) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 Krnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000 000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff 000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412 000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960 Krnl Code: 000003d93deb0112: c020fffe7259 larl %r2,000003d93de7e5c4 000003d93deb0118: c0e53fa8beac brasl %r14,000003d9bd3c7e70 #000003d93deb011e: af000000 mc 0,0 >000003d93deb0122: a728ffea lhi %r2,-22 000003d93deb0126: a7f4fe24 brc 15,000003d93deafd6e 000003d93deb012a: 9101f0b0 tm 176(%r15),1 000003d93deb012e: a774fe48 brc 7,000003d93deafdbe 000003d93deb0132: 40a0f0ae sth %r10,174(%r15) Call Trace: [<000003d93deb0122>] kvm_handle_sie_intercept+0x432/0x4d0 [kvm] ([<000003d93deb011e>] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]) [<000003d93deacc10>] vcpu_post_run+0x1d0/0x3b0 [kvm] [<000003d93deaceda>] __vcpu_run+0xea/0x2d0 [kvm] [<000003d93dead9da>] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm] [<000003d93de93ee0>] kvm_vcpu_ioctl+0x190/0x7c0 [kvm] [<000003d9bd728b4e>] vfs_ioctl+0x2e/0x70 [<000003d9bd72a092>] __s390x_sys_ioctl+0xc2/0xd0 [<000003d9be0e9222>] __do_syscall+0x1f2/0x2e0 [<000003d9be0f9a90>] system_call+0x70/0x98 Last Breaking-Event-Address: [<000003d9bd3c7f58>] __warn_printk+0xe8/0xf0 CVE-2024-45005 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45005.html CVE-2024-45005 https://bugzilla.suse.com/1230173 SUSE Bug 1230173 In the Linux kernel, the following vulnerability has been resolved: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration re-enumerating full-speed devices after a failed address device command can trigger a NULL pointer dereference. Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size value during enumeration. Usb core calls usb_ep0_reinit() in this case, which ends up calling xhci_configure_endpoint(). On Panther point xHC the xhci_configure_endpoint() function will additionally check and reserve bandwidth in software. Other hosts do this in hardware If xHC address device command fails then a new xhci_virt_device structure is allocated as part of re-enabling the slot, but the bandwidth table pointers are not set up properly here. This triggers the NULL pointer dereference the next time usb_ep0_reinit() is called and xhci_configure_endpoint() tries to check and reserve bandwidth [46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd [46710.713699] usb 3-1: Device not responding to setup address. [46710.917684] usb 3-1: Device not responding to setup address. [46711.125536] usb 3-1: device not accepting address 5, error -71 [46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008 [46711.125600] #PF: supervisor read access in kernel mode [46711.125603] #PF: error_code(0x0000) - not-present page [46711.125606] PGD 0 P4D 0 [46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI [46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1 [46711.125620] Hardware name: Gigabyte Technology Co., Ltd. [46711.125623] Workqueue: usb_hub_wq hub_event [usbcore] [46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c Fix this by making sure bandwidth table pointers are set up correctly after a failed address device command, and additionally by avoiding checking for bandwidth in cases like this where no actual endpoints are added or removed, i.e. only context for default control endpoint 0 is evaluated. CVE-2024-45006 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45006.html CVE-2024-45006 https://bugzilla.suse.com/1230247 SUSE Bug 1230247 In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending work item. Other work items continue to be queued on per-device workqueues to ensure performance. CVE-2024-45007 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45007.html CVE-2024-45007 https://bugzilla.suse.com/1230175 SUSE Bug 1230175 In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024. CVE-2024-45008 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45008.html CVE-2024-45008 https://bugzilla.suse.com/1230248 SUSE Bug 1230248 In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at address 1. This is verified in xillyusb_setup_base_eps(). On top of that, a XillyUSB device may have additional Bulk OUT endpoints. The information about these endpoints' addresses is deduced from a data structure (the IDT) that the driver fetches from the device while probing it. These endpoints are checked in setup_channels(). A XillyUSB device never has more than one IN endpoint, as all data towards the host is multiplexed in this single Bulk IN endpoint. This is why setup_channels() only checks OUT endpoints. CVE-2024-45011 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45011.html CVE-2024-45011 https://bugzilla.suse.com/1230440 SUSE Bug 1230440 In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30 Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019 RIP: 0010:sg_init_one+0x85/0xa0 Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00 RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000 RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000 R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508 R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018 FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0 Call Trace: <TASK> ? die+0x36/0x90 ? do_trap+0xdd/0x100 ? sg_init_one+0x85/0xa0 ? do_error_trap+0x65/0x80 ? sg_init_one+0x85/0xa0 ? exc_invalid_op+0x50/0x70 ? sg_init_one+0x85/0xa0 ? asm_exc_invalid_op+0x1a/0x20 ? sg_init_one+0x85/0xa0 nvkm_firmware_ctor+0x14a/0x250 [nouveau] nvkm_falcon_fw_ctor+0x42/0x70 [nouveau] ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau] r535_gsp_oneinit+0xb3/0x15f0 [nouveau] ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? nvkm_udevice_new+0x95/0x140 [nouveau] ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? ktime_get+0x47/0xb0 Fix this by using the non-coherent allocator instead, I think there might be a better answer to this, but it involve ripping up some of APIs using sg lists. CVE-2024-45012 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45012.html CVE-2024-45012 https://bugzilla.suse.com/1230441 SUSE Bug 1230441 In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but don't move stopping keep-alive into nvme_uninit_ctrl(), so keep-alive work can be started and keep pending after failing to start controller, finally use-after-free is triggered if nvme host driver is unloaded. This patch fixes kernel panic when running nvme/004 in case that connection failure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl(). This way is reasonable because keep-alive is now started in nvme_init_ctrl_finish(). CVE-2024-45013 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45013.html CVE-2024-45013 https://bugzilla.suse.com/1230442 SUSE Bug 1230442 In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by an atomic_disable() but without an atomic_mode_set(). This results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in the atomic_enable() as the dpu_encoder's connector was cleared in the atomic_disable() but not re-assigned as there was no atomic_mode_set() call. Fix the NULL ptr access by moving the assignment for atomic_enable() and also use drm_atomic_get_new_connector_for_encoder() to get the connector from the atomic_state. Patchwork: https://patchwork.freedesktop.org/patch/606729/ CVE-2024-45015 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45015.html CVE-2024-45015 https://bugzilla.suse.com/1230444 SUSE Bug 1230444 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94 Modules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci] CPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2 Hardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021 Workqueue: events xfrm_state_gc_task RIP: 0010:down_read+0x75/0x94 Code: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0 RSP: 0018:ffffb26387773da8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000 RBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540 R13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905 FS: 0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0 Call Trace: <TASK> ? show_trace_log_lvl+0x1d6/0x2f9 ? show_trace_log_lvl+0x1d6/0x2f9 ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core] ? down_read+0x75/0x94 ? __warn+0x80/0x113 ? down_read+0x75/0x94 ? report_bug+0xa4/0x11d ? handle_bug+0x35/0x8b ? exc_invalid_op+0x14/0x75 ? asm_exc_invalid_op+0x16/0x1b ? down_read+0x75/0x94 ? down_read+0xe/0x94 mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core] mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core] tx_destroy+0x1b/0xc0 [mlx5_core] tx_ft_put+0x53/0xc0 [mlx5_core] mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core] ___xfrm_state_destroy+0x10f/0x1a2 xfrm_state_gc_task+0x81/0xa9 process_one_work+0x1f1/0x3c6 worker_thread+0x53/0x3e4 ? process_one_work.cold+0x46/0x3c kthread+0x127/0x144 ? set_kthread_struct+0x60/0x52 ret_from_fork+0x22/0x2d </TASK> ---[ end trace 5ef7896144d398e1 ]--- CVE-2024-45017 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45017.html CVE-2024-45017 https://bugzilla.suse.com/1230430 SUSE Bug 1230430 In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. CVE-2024-45018 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45018.html CVE-2024-45018 https://bugzilla.suse.com/1230431 SUSE Bug 1230431 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take state lock during tx timeout reporter mlx5e_safe_reopen_channels() requires the state lock taken. The referenced changed in the Fixes tag removed the lock to fix another issue. This patch adds it back but at a later point (when calling mlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the Fixes tag. CVE-2024-45019 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45019.html CVE-2024-45019 https://bugzilla.suse.com/1230432 SUSE Bug 1230432 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe(). More specifically, it is the following code: if (exact != NOT_EXACT && old->stack[spi].slot_type[i % BPF_REG_SIZE] != cur->stack[spi].slot_type[i % BPF_REG_SIZE]) return false; The 'i' iterates old->allocated_stack. If cur->allocated_stack < old->allocated_stack the out-of-bound access will happen. To fix the issue add 'i >= cur->allocated_stack' check such that if the condition is true, stacksafe() should fail. Otherwise, cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal. CVE-2024-45020 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45020.html CVE-2024-45020 https://bugzilla.suse.com/1230433 SUSE Bug 1230433 In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). CVE-2024-45021 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45021.html CVE-2024-45021 https://bugzilla.suse.com/1230434 SUSE Bug 1230434 In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code. CVE-2024-45022 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45022.html CVE-2024-45022 https://bugzilla.suse.com/1230435 SUSE Bug 1230435 In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery, unrecovered data can be read: raid1_read_request read_balance raid1_should_read_first -> return false choose_best_rdev -> normal disk is not recovered, return -1 choose_bb_rdev -> missing the checking of recovery, return the normal disk -> read unrecovered data Root cause is that the checking of recovery is missing in choose_bb_rdev(). Hence add such checking to fix the problem. Also fix similar problem in choose_slow_rdev(). CVE-2024-45023 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45023.html CVE-2024-45023 https://bugzilla.suse.com/1230455 SUSE Bug 1230455 In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_format function checks for error codes that signal the non existence of a proper track format. The check for incorrect length is to imprecise since other error cases leading to transport of insufficient data also have this flag set. This might lead to data corruption in certain error cases for example during a storage server warmstart. Fix by removing the check for incorrect length and replacing by explicitly checking for invalid track format in transport mode. Also remove the check for file protected since this is not a valid ESE handling case. CVE-2024-45026 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45026.html CVE-2024-45026 https://bugzilla.suse.com/1230454 SUSE Bug 1230454 In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference. Also change the error code to -ENOMEM instead of returning success. CVE-2024-45028 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45028.html CVE-2024-45028 https://bugzilla.suse.com/1230450 SUSE Bug 1230450 In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 ... Call trace: __might_sleep __mutex_lock_common mutex_lock_nested acpi_subsys_runtime_resume rpm_resume tegra_i2c_xfer The problem arises because during __pm_runtime_resume(), the spinlock &dev->power.lock is acquired before rpm_resume() is called. Later, rpm_resume() invokes acpi_subsys_runtime_resume(), which relies on mutexes, triggering the error. To address this issue, devices on ACPI are now marked as not IRQ-safe, considering the dependency of acpi_subsys_runtime_resume() on mutexes. CVE-2024-45029 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45029.html CVE-2024-45029 https://bugzilla.suse.com/1230451 SUSE Bug 1230451 In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS Sabrina reports that the igb driver does not cope well with large MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload corruption on TX. An easy reproducer is to run ssh to connect to the machine. With MAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails. This has been reported originally in https://bugzilla.redhat.com/show_bug.cgi?id=2265320 The root cause of the issue is that the driver does not take into account properly the (possibly large) shared info size when selecting the ring layout, and will try to fit two packets inside the same 4K page even when the 1st fraglist will trump over the 2nd head. Address the issue by checking if 2K buffers are insufficient. CVE-2024-45030 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-45030.html CVE-2024-45030 https://bugzilla.suse.com/1230457 SUSE Bug 1230457 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the driver for SAE/OWE offload cases") SSID based PMKSA del commands. brcmfmac is not prepared and tries to dereference the NULL bssid and pmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based updates so copy the SSID. CVE-2024-46672 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46672.html CVE-2024-46672 https://bugzilla.suse.com/1230459 SUSE Bug 1230459 In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aac_init_adapter() fails after allocating memory for aac_dev::queues, it frees the memory but does not clear that member. After the hardware-specific init function returns an error, aac_probe_one() goes down an error path that frees the memory pointed to by aac_dev::queues, resulting.in a double-free. CVE-2024-46673 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46673.html CVE-2024-46673 https://bugzilla.suse.com/1230506 SUSE Bug 1230506 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources. CVE-2024-46674 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46674.html CVE-2024-46674 https://bugzilla.suse.com/1230507 SUSE Bug 1230507 https://bugzilla.suse.com/1230599 SUSE Bug 1230599 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues in Exynos platforms. The problem arises from the following sequence. 1. In dwc3_gadget_suspend, there is a chance of a timeout when moving the USB core to the halt state after clearing the run/stop bit by software. 2. In dwc3_core_exit, the event buffer is cleared regardless of the USB core's status, which may lead to an SMMU faults and other memory issues. if the USB core tries to access the event buffer address. To prevent this hardware quirk on Exynos platforms, this commit ensures that the event buffer address is not cleared by software when the USB core is active during runtime suspend by checking its status before clearing the buffer address. CVE-2024-46675 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46675.html CVE-2024-46675 https://bugzilla.suse.com/1230533 SUSE Bug 1230533 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero. Normally no im protocol has value 1 in the mask, so this combination is not expected by driver. But these protocol values actually come from userspace via Netlink interface (NFC_CMD_START_POLL operation). So a broken or malicious program may pass a message containing a "bad" combination of protocol parameter values so that dev->poll_mod_count is not incremented inside pn533_poll_create_mod_list(), thus leading to division by zero. Call trace looks like: nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll() Add poll mod list filling check. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-46676 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46676.html CVE-2024-46676 https://bugzilla.suse.com/1230535 SUSE Bug 1230535 In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it by returning an error pointer with the error code carried from sockfd_lookup(). (I found this bug during code inspection.) CVE-2024-46677 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46677.html CVE-2024-46677 https://bugzilla.suse.com/1230549 SUSE Bug 1230549 In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb crash> struct net_device.state ffff9a9d21336000 state = 5, state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present, note lack of __LINK_STATE_PRESENT (0b10). This is the same sort of panic as observed in commit 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show"). There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check. Move this check into ethtool to protect all callers. CVE-2024-46679 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46679.html CVE-2024-46679 https://bugzilla.suse.com/1230556 SUSE Bug 1230556 In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. CVE-2024-46685 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46685.html CVE-2024-46685 https://bugzilla.suse.com/1230515 SUSE Bug 1230515 In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. CVE-2024-46686 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46686.html CVE-2024-46686 https://bugzilla.suse.com/1230517 SUSE Bug 1230517 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG] There is an internal report that KASAN is reporting use-after-free, with the following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs] Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45 CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 Workqueue: btrfs-endio btrfs_end_bio_work [btrfs] Call Trace: dump_stack_lvl+0x61/0x80 print_address_description.constprop.0+0x5e/0x2f0 print_report+0x118/0x216 kasan_report+0x11d/0x1f0 btrfs_check_read_bio+0xa68/0xb70 [btrfs] process_one_work+0xce0/0x12a0 worker_thread+0x717/0x1250 kthread+0x2e3/0x3c0 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x11/0x20 Allocated by task 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x7d/0x80 kmem_cache_alloc_noprof+0x16e/0x3e0 mempool_alloc_noprof+0x12e/0x310 bio_alloc_bioset+0x3f0/0x7a0 btrfs_bio_alloc+0x2e/0x50 [btrfs] submit_extent_page+0x4d1/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Freed by task 20917: kasan_save_stack+0x37/0x60 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x50 __kasan_slab_free+0x4b/0x60 kmem_cache_free+0x214/0x5d0 bio_free+0xed/0x180 end_bbio_data_read+0x1cc/0x580 [btrfs] btrfs_submit_chunk+0x98d/0x1880 [btrfs] btrfs_submit_bio+0x33/0x70 [btrfs] submit_one_bio+0xd4/0x130 [btrfs] submit_extent_page+0x3ea/0xdb0 [btrfs] btrfs_do_readpage+0x8b4/0x12a0 [btrfs] btrfs_readahead+0x29a/0x430 [btrfs] read_pages+0x1a7/0xc60 page_cache_ra_unbounded+0x2ad/0x560 filemap_get_pages+0x629/0xa20 filemap_read+0x335/0xbf0 vfs_read+0x790/0xcb0 ksys_read+0xfd/0x1d0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53 [CAUSE] Although I cannot reproduce the error, the report itself is good enough to pin down the cause. The call trace is the regular endio workqueue context, but the free-by-task trace is showing that during btrfs_submit_chunk() we already hit a critical error, and is calling btrfs_bio_end_io() to error out. And the original endio function called bio_put() to free the whole bio. This means a double freeing thus causing use-after-free, e.g.: 1. Enter btrfs_submit_bio() with a read bio The read bio length is 128K, crossing two 64K stripes. 2. The first run of btrfs_submit_chunk() 2.1 Call btrfs_map_block(), which returns 64K 2.2 Call btrfs_split_bio() Now there are two bios, one referring to the first 64K, the other referring to the second 64K. 2.3 The first half is submitted. 3. The second run of btrfs_submit_chunk() 3.1 Call btrfs_map_block(), which by somehow failed Now we call btrfs_bio_end_io() to handle the error 3.2 btrfs_bio_end_io() calls the original endio function Which is end_bbio_data_read(), and it calls bio_put() for the original bio. Now the original bio is freed. 4. The submitted first 64K bio finished Now we call into btrfs_check_read_bio() and tries to advance the bio iter. But since the original bio (thus its iter) is already freed, we trigger the above use-after free. And even if the memory is not poisoned/corrupted, we will later call the original endio function, causing a double freeing. [FIX] Instead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(), which has the extra check on split bios and do the pr ---truncated--- CVE-2024-46687 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46687.html CVE-2024-46687 https://bugzilla.suse.com/1230518 SUSE Bug 1230518 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone. The only reason it is working right now is because Qualcomm Hypervisor maps the same region as Non-Cacheable memory in Stage 2 translation tables. The issue manifests if we want to use another hypervisor (like Xen or KVM), which does not know anything about those specific mappings. Changing the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC removes dependency on correct mappings in Stage 2 tables. This patch fixes the issue by updating the mapping to MEMREMAP_WC. I tested this on SA8155P with Xen. CVE-2024-46689 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46689.html CVE-2024-46689 https://bugzilla.suse.com/1230524 SUSE Bug 1230524 In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Move unregister out of atomic section Commit '9329933699b3 ("soc: qcom: pmic_glink: Make client-lock non-sleeping")' moved the pmic_glink client list under a spinlock, as it is accessed by the rpmsg/glink callback, which in turn is invoked from IRQ context. This means that ucsi_unregister() is now called from atomic context, which isn't feasible as it's expecting a sleepable context. An effort is under way to get GLINK to invoke its callbacks in a sleepable context, but until then lets schedule the unregistration. A side effect of this is that ucsi_unregister() can now happen after the remote processor, and thereby the communication link with it, is gone. pmic_glink_send() is amended with a check to avoid the resulting NULL pointer dereference. This does however result in the user being informed about this error by the following entry in the kernel log: ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5 CVE-2024-46691 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46691.html CVE-2024-46691 https://bugzilla.suse.com/1230526 SUSE Bug 1230526 In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark get_wq_ctx() as atomic call Currently get_wq_ctx() is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to resume the corresponding sleeping thread. But if get_wq_ctx() is interrupted, goes to sleep and another SMC call is waiting to be allocated a waitq context, it leads to a deadlock. To avoid this get_wq_ctx() must be an atomic call and can't be a standard SMC call. Hence mark get_wq_ctx() as a fast call. CVE-2024-46692 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46692.html CVE-2024-46692 https://bugzilla.suse.com/1230520 SUSE Bug 1230520 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink: Fix race during initialization As pointed out by Stephen Boyd it is possible that during initialization of the pmic_glink child drivers, the protection-domain notifiers fires, and the associated work is scheduled, before the client registration returns and as a result the local "client" pointer has been initialized. The outcome of this is a NULL pointer dereference as the "client" pointer is blindly dereferenced. Timeline provided by Stephen: CPU0 CPU1 ---- ---- ucsi->client = NULL; devm_pmic_glink_register_client() client->pdr_notify(client->priv, pg->client_state) pmic_glink_ucsi_pdr_notify() schedule_work(&ucsi->register_work) <schedule away> pmic_glink_ucsi_register() ucsi_register() pmic_glink_ucsi_read_version() pmic_glink_ucsi_read() pmic_glink_ucsi_read() pmic_glink_send(ucsi->client) <client is NULL BAD> ucsi->client = client // Too late! This code is identical across the altmode, battery manager and usci child drivers. Resolve this by splitting the allocation of the "client" object and the registration thereof into two operations. This only happens if the protection domain registry is populated at the time of registration, which by the introduction of commit '1ebcde047c54 ("soc: qcom: add pd-mapper implementation")' became much more likely. CVE-2024-46693 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46693.html CVE-2024-46693 https://bugzilla.suse.com/1230521 SUSE Bug 1230521 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. (cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3) CVE-2024-46694 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46694.html CVE-2024-46694 https://bugzilla.suse.com/1230511 SUSE Bug 1230511 In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the appropriate * permission checks. nfsd_setattr() does do permissions checking via fh_verify() and nfsd_permission(), but those don't do all the same permissions checks that are done by security_inode_setxattr() and its related LSM hooks do. Since nfsd_setattr() is the only consumer of security_inode_setsecctx(), simplest solution appears to be to replace the call to __vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This fixes the above issue and has the added benefit of causing nfsd to recall conflicting delegations on a file when a client tries to change its security label. CVE-2024-46695 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46695.html CVE-2024-46695 https://bugzilla.suse.com/1230519 SUSE Bug 1230519 In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another host connected with enabled paths we hang in tearing them down. This is due to fact that the Thunderbolt networking driver also tries to cleanup the paths and ends up blocking in tb_disconnect_xdomain_paths() waiting for the domain lock. However, at this point we already cleaned the paths in tb_stop() so there is really no need for tb_disconnect_xdomain_paths() to do that anymore. Furthermore it already checks if the XDomain is unplugged and bails out early so take advantage of that and mark the XDomain as unplugged when we remove the parent router. CVE-2024-46702 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46702.html CVE-2024-46702 https://bugzilla.suse.com/1230589 SUSE Bug 1230589 In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port With "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel sometimes boot hang. It is because normal console still is not ready, but runtime suspend is called, so early console putchar will hang in waiting TRDE set in UARTSTAT. The lpuart driver has auto suspend delay set to 3000ms, but during uart_add_one_port, a child device serial ctrl will added and probed with its pm runtime enabled(see serial_ctrl.c). The runtime suspend call path is: device_add |-> bus_probe_device |->device_initial_probe |->__device_attach |-> pm_runtime_get_sync(dev->parent); |-> pm_request_idle(dev); |-> pm_runtime_put(dev->parent); So in the end, before normal console ready, the lpuart get runtime suspended. And earlycon putchar will hang. To address the issue, mark last busy just after pm_runtime_enable, three seconds is long enough to switch from bootconsole to normal console. CVE-2024-46706 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46706.html CVE-2024-46706 https://bugzilla.suse.com/1230580 SUSE Bug 1230580 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2. We therefore try to emulate the SGI access, only to hit a NULL pointer as no private interrupt is allocated (no GIC, remember?). The obvious fix is to give the guest what it deserves, in the shape of a UNDEF exception. CVE-2024-46707 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46707.html CVE-2024-46707 https://bugzilla.suse.com/1230582 SUSE Bug 1230582 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes through the dma_buf interface instead of trying to access pages directly. External buffers might not provide direct access to readable/writable pages so to make sure the bo's created from external dma_bufs can be read dma_buf interface has to be used. Fixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't trigger this due to the fact that virtual machines will not have multiple GPUs but it enables better test coverage in IGT. CVE-2024-46709 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46709.html CVE-2024-46709 https://bugzilla.suse.com/1230539 SUSE Bug 1230539 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus. Prevent unmapping of active read buffers by simply keeping a count of how many paths have currently active maps and unmap only when the count reaches 0. CVE-2024-46710 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46710.html CVE-2024-46710 https://bugzilla.suse.com/1230540 SUSE Bug 1230540 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e. from returned from the function wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is not the case. This fixes 4 NULL_RETURNS issues reported by Coverity. CVE-2024-46714 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46714.html CVE-2024-46714 https://bugzilla.suse.com/1230699 SUSE Bug 1230699 In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysfs entries produce a kernel oops such as: [ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute [...] [ 2203.783416] Call trace: [ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48 [ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120 [ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4 [ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0 [ 2203.802236] vfs_read from ksys_read+0xa4/0xd4 [ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54 [ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0) [ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000 [ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000 [ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0 [ 2203.830363] Code: bad PC value [ 2203.832695] ---[ end trace 0000000000000000 ]--- CVE-2024-46715 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46715.html CVE-2024-46715 https://bugzilla.suse.com/1230700 SUSE Bug 1230700 In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor which does not correctly free the descriptors as first nodes were not removed from the list. CVE-2024-46716 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46716.html CVE-2024-46716 https://bugzilla.suse.com/1230715 SUSE Bug 1230715 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix incorrect page release Under the following conditions: 1) No skb created yet 2) header_size == 0 (no SHAMPO header) 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the last page fragment of a SHAMPO header page) a new skb is formed with a page that is NOT a SHAMPO header page (it is a regular data page). Further down in the same function (mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from header_index is released. This is wrong and it leads to SHAMPO header pages being released more than once. CVE-2024-46717 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46717.html CVE-2024-46717 https://bugzilla.suse.com/1230719 SUSE Bug 1230719 In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled. CVE-2024-46719 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46719.html CVE-2024-46719 https://bugzilla.suse.com/1230722 SUSE Bug 1230722 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix dereference after null check check the pointer hive before use. CVE-2024-46720 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46720.html CVE-2024-46720 https://bugzilla.suse.com/1230724 SUSE Bug 1230724 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning Clear warning that read mc_data[i-1] may out-of-bounds. CVE-2024-46722 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46722.html CVE-2024-46722 https://bugzilla.suse.com/1230712 SUSE Bug 1230712 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear warning that read ucode[] may out-of-bounds. CVE-2024-46723 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46723.html CVE-2024-46723 https://bugzilla.suse.com/1230702 SUSE Bug 1230702 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error CVE-2024-46724 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46724.html CVE-2024-46724 https://bugzilla.suse.com/1230725 SUSE Bug 1230725 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning CVE-2024-46725 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46725.html CVE-2024-46725 https://bugzilla.suse.com/1230705 SUSE Bug 1230705 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will never overflow and exceess array size. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. CVE-2024-46726 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46726.html CVE-2024-46726 https://bugzilla.suse.com/1230706 SUSE Bug 1230706 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index for aux_rd_interval before using aux_rd_interval has size of 7 and should be checked. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. CVE-2024-46728 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46728.html CVE-2024-46728 https://bugzilla.suse.com/1230703 SUSE Bug 1230703 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop [WHY] fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is lager than the array size. [HOW] Divide byte size 20 by its element size. This fixes 2 OVERRUN issues reported by Coverity. CVE-2024-46729 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46729.html CVE-2024-46729 https://bugzilla.suse.com/1230704 SUSE Bug 1230704 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure array index tg_inst won't be -1 [WHY & HOW] tg_inst will be a negative if timing_generator_count equals 0, which should be checked before used. This fixes 2 OVERRUN issues reported by Coverity. CVE-2024-46730 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46730.html CVE-2024-46730 https://bugzilla.suse.com/1230701 SUSE Bug 1230701 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. CVE-2024-46731 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46731.html CVE-2024-46731 https://bugzilla.suse.com/1230709 SUSE Bug 1230709 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments CVE-2024-46732 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46732.html CVE-2024-46732 https://bugzilla.suse.com/1230711 SUSE Bug 1230711 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the other is doing fsync, we have a race where we can end up either: 1) Attempt a fsync without holding the inode's lock, triggering an assertion failures when assertions are enabled; 2) Do an invalid memory access from the fsync task because the file private points to memory allocated on stack by the direct IO task and it may be used by the fsync task after the stack was destroyed. The race happens like this: 1) A user space program opens a file descriptor with O_DIRECT; 2) The program spawns 2 threads using libpthread for example; 3) One of the threads uses the file descriptor to do direct IO writes, while the other calls fsync using the same file descriptor. 4) Call task A the thread doing direct IO writes and task B the thread doing fsyncs; 5) Task A does a direct IO write, and at btrfs_direct_write() sets the file's private to an on stack allocated private with the member 'fsync_skip_inode_lock' set to true; 6) Task B enters btrfs_sync_file() and sees that there's a private structure associated to the file which has 'fsync_skip_inode_lock' set to true, so it skips locking the inode's VFS lock; 7) Task A completes the direct IO write, and resets the file's private to NULL since it had no prior private and our private was stack allocated. Then it unlocks the inode's VFS lock; 8) Task B enters btrfs_get_ordered_extents_for_logging(), then the assertion that checks the inode's VFS lock is held fails, since task B never locked it and task A has already unlocked it. The stack trace produced is the following: assertion failed: inode_is_locked(&inode->vfs_inode), in fs/btrfs/ordered-data.c:983 ------------[ cut here ]------------ kernel BUG at fs/btrfs/ordered-data.c:983! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 9 PID: 5072 Comm: worker Tainted: G U OE 6.10.5-1-default #1 openSUSE Tumbleweed 69f48d427608e1c09e60ea24c6c55e2ca1b049e8 Hardware name: Acer Predator PH315-52/Covini_CFS, BIOS V1.12 07/28/2020 RIP: 0010:btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs] Code: 50 d6 86 c0 e8 (...) RSP: 0018:ffff9e4a03dcfc78 EFLAGS: 00010246 RAX: 0000000000000054 RBX: ffff9078a9868e98 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff907dce4a7800 RDI: ffff907dce4a7800 RBP: ffff907805518800 R08: 0000000000000000 R09: ffff9e4a03dcfb38 R10: ffff9e4a03dcfb30 R11: 0000000000000003 R12: ffff907684ae7800 R13: 0000000000000001 R14: ffff90774646b600 R15: 0000000000000000 FS: 00007f04b96006c0(0000) GS:ffff907dce480000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f32acbfc000 CR3: 00000001fd4fa005 CR4: 00000000003726f0 Call Trace: <TASK> ? __die_body.cold+0x14/0x24 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x6a/0x90 ? btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] ? exc_invalid_op+0x50/0x70 ? btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] ? asm_exc_invalid_op+0x1a/0x20 ? btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] ? btrfs_get_ordered_extents_for_logging.cold+0x1f/0x42 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] btrfs_sync_file+0x21a/0x4d0 [btrfs bb26272d49b4cdc847cf3f7faadd459b62caee9a] ? __seccomp_filter+0x31d/0x4f0 __x64_sys_fdatasync+0x4f/0x90 do_syscall_64+0x82/0x160 ? do_futex+0xcb/0x190 ? __x64_sys_futex+0x10e/0x1d0 ? switch_fpu_return+0x4f/0xd0 ? syscall_exit_to_user_mode+0x72/0x220 ? do_syscall_64+0x8e/0x160 ? syscall_exit_to_user_mod ---truncated--- CVE-2024-46734 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46734.html CVE-2024-46734 https://bugzilla.suse.com/1230726 SUSE Bug 1230726 In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue. Fix it by adding the check in ublk_ctrl_start_recovery() and return immediately in case of zero 'ub->nr_queues_ready'. BUG: kernel NULL pointer dereference, address: 0000000000000028 RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180 Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x75/0x170 ? exc_page_fault+0x64/0x140 ? asm_exc_page_fault+0x22/0x30 ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180 ublk_ctrl_uring_cmd+0x4f7/0x6c0 ? pick_next_task_idle+0x26/0x40 io_uring_cmd+0x9a/0x1b0 io_issue_sqe+0x193/0x3f0 io_wq_submit_work+0x9b/0x390 io_worker_handle_work+0x165/0x360 io_wq_worker+0xcb/0x2f0 ? finish_task_switch.isra.0+0x203/0x290 ? finish_task_switch.isra.0+0x203/0x290 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CVE-2024-46735 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46735.html CVE-2024-46735 https://bugzilla.suse.com/1230727 SUSE Bug 1230727 In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. nvmet: failed to install queue 0 cntlid 1 ret 6 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Fix the bug by setting queue->nr_cmds to zero in case nvmet_tcp_alloc_cmd() fails. CVE-2024-46737 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46737.html CVE-2024-46737 https://bugzilla.suse.com/1230730 SUSE Bug 1230730 In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource fields. It is possible though to create two resources with different types but same handle (same context and resource fields). When trying to remove one of the resources, vmci_resource_remove() may not remove the intended one, but the object will still be freed as in the case of the datagram type in vmci_datagram_destroy_handle(). vmci_resource_table will still hold a pointer to this freed resource leading to a use-after-free vulnerability. BUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline] BUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 Read of size 4 at addr ffff88801c16d800 by task syz-executor197/1592 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106 print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239 __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425 kasan_report+0x38/0x51 mm/kasan/report.c:442 vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline] vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182 ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444 kref_put include/linux/kref.h:65 [inline] vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline] vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195 vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143 __fput+0x261/0xa34 fs/file_table.c:282 task_work_run+0xf0/0x194 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187 exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220 __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline] syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313 do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x6e/0x0 This change ensures the type is also checked when removing the resource from vmci_resource_table in vmci_resource_remove(). CVE-2024-46738 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46738.html CVE-2024-46738 https://bugzilla.suse.com/1230731 SUSE Bug 1230731 In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only. Fix NULL pointer dereference by retrieving the device_obj from the parent for the primary channel. CVE-2024-46739 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46739.html CVE-2024-46739 https://bugzilla.suse.com/1230732 SUSE Bug 1230732 In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' In fastrpc_req_mmap() error path, the fastrpc buffer is freed in fastrpc_req_munmap_impl() if unmap is successful. But in the end, there is an unconditional call to fastrpc_buf_free(). So the above case triggers the double free of fastrpc buf. CVE-2024-46741 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46741.html CVE-2024-46741 https://bugzilla.suse.com/1230749 SUSE Bug 1230749 In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ================================================================== BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0 Read of size 4 at addr ffffff81beca5608 by task bash/764 CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1 Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Call trace: dump_backtrace+0xdc/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0x6c/0x84 print_report+0x150/0x448 kasan_report+0x98/0x140 __asan_load4+0x78/0xa0 of_irq_parse_raw+0x2b8/0x8d0 of_irq_parse_one+0x24c/0x270 parse_interrupts+0xc0/0x120 of_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 device_add+0xb38/0xc30 of_device_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... The buggy address belongs to the object at ffffff81beca5600 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 8 bytes inside of 128-byte region [ffffff81beca5600, ffffff81beca5680) The buggy address belongs to the physical page: page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4 head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0 flags: 0x8000000000010200(slab|head|zone=2) raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300 raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ================================================================== OF: -> got it ! Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size. CVE-2024-46743 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46743.html CVE-2024-46743 https://bugzilla.suse.com/1230756 SUSE Bug 1230756 In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875536935 to inode->i_size. 2. Later squashfs_symlink_read_folio() is called, which assigns this corrupted value to the length variable, which being a signed int, overflows producing a negative number. 3. The following loop that fills in the page contents checks that the copied bytes is less than length, which being negative means the loop is skipped, producing an uninitialised page. This patch adds a sanity check which checks that the symbolic link size is not larger than expected. -- V2: fix spelling mistake. CVE-2024-46744 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46744.html CVE-2024-46744 https://bugzilla.suse.com/1230747 SUSE Bug 1230747 In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts. CVE-2024-46745 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46745.html CVE-2024-46745 https://bugzilla.suse.com/1230748 SUSE Bug 1230748 In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device HID driver callbacks aren't called anymore once hid_destroy_device() has been called. Hence, hid driver_data should be freed only after the hid_destroy_device() function returned as driver_data is used in several callbacks. I observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling KASAN to debug memory allocation, I got this output: [ 13.050438] ================================================================== [ 13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh] [ 13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3 [ 13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479 [ 13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0 [ 13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024 [ 13.067860] Call Trace: [ 13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8 [ 13.071486] <TASK> [ 13.071492] dump_stack_lvl+0x5d/0x80 [ 13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002) [ 13.078296] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.082199] print_report+0x174/0x505 [ 13.085776] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.089367] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.093255] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.097464] kasan_report+0xc8/0x150 [ 13.101461] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.105802] amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.110303] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38] [ 13.114879] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.119450] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082] [ 13.124097] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.127404] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.131925] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5] [ 13.136455] ? _raw_spin_lock_irqsave+0x96/0xf0 [ 13.140197] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 13.143602] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b] [ 13.147234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.150446] ? __devm_add_action+0x167/0x1d0 [ 13.155061] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.158581] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.161814] platform_probe+0xa2/0x150 [ 13.165029] really_probe+0x1e3/0x8a0 [ 13.168243] __driver_probe_device+0x18c/0x370 [ 13.171500] driver_probe_device+0x4a/0x120 [ 13.175000] __driver_attach+0x190/0x4a0 [ 13.178521] ? __pfx___driver_attach+0x10/0x10 [ 13.181771] bus_for_each_dev+0x106/0x180 [ 13.185033] ? __pfx__raw_spin_lock+0x10/0x10 [ 13.188229] ? __pfx_bus_for_each_dev+0x10/0x10 [ 13.191446] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.194382] bus_add_driver+0x29e/0x4d0 [ 13.197328] driver_register+0x1a5/0x360 [ 13.200283] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172] [ 13.203362] do_one_initcall+0xa7/0x380 [ 13.206432] ? __pfx_do_one_initcall+0x10/0x10 [ 13.210175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 13.213211] ? kasan_unpoison+0x44/0x70 [ 13.216688] do_init_module+0x238/0x750 [ 13.2196 ---truncated--- CVE-2024-46746 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46746.html CVE-2024-46746 https://bugzilla.suse.com/1230751 SUSE Bug 1230751 In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it CVE-2024-46747 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46747.html CVE-2024-46747 https://bugzilla.suse.com/1230752 SUSE Bug 1230752 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() This adds a check before freeing the rx->skb in flush and close functions to handle the kernel crash seen while removing driver after FW download fails or before FW download completes. dmesg log: [ 54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080 [ 54.643398] Mem abort info: [ 54.646204] ESR = 0x0000000096000004 [ 54.649964] EC = 0x25: DABT (current EL), IL = 32 bits [ 54.655286] SET = 0, FnV = 0 [ 54.658348] EA = 0, S1PTW = 0 [ 54.661498] FSC = 0x04: level 0 translation fault [ 54.666391] Data abort info: [ 54.669273] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 54.674768] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 54.674771] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000 [ 54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000 [ 54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse [ 54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2 [ 54.744364] Hardware name: FSL i.MX8MM EVK board (DT) [ 54.744368] Workqueue: hci0 hci_power_on [ 54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 54.757249] pc : kfree_skb_reason+0x18/0xb0 [ 54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart] [ 54.782921] sp : ffff8000805ebca0 [ 54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000 [ 54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230 [ 54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92 [ 54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff [ 54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857 [ 54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642 [ 54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688 [ 54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000 [ 54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac [ 54.857599] Call trace: [ 54.857601] kfree_skb_reason+0x18/0xb0 [ 54.863878] btnxpuart_flush+0x40/0x58 [btnxpuart] [ 54.863888] hci_dev_open_sync+0x3a8/0xa04 [ 54.872773] hci_power_on+0x54/0x2e4 [ 54.881832] process_one_work+0x138/0x260 [ 54.881842] worker_thread+0x32c/0x438 [ 54.881847] kthread+0x118/0x11c [ 54.881853] ret_from_fork+0x10/0x20 [ 54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400) [ 54.896410] ---[ end trace 0000000000000000 ]--- CVE-2024-46749 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46749.html CVE-2024-46749 https://bugzilla.suse.com/1230780 SUSE Bug 1230780 In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70 RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70 Call Trace: <TASK> ? __warn+0x8c/0x190 ? pci_bridge_secondary_bus_reset+0x5d/0x70 ? report_bug+0x1f8/0x200 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? pci_bridge_secondary_bus_reset+0x5d/0x70 pci_reset_bus+0x1d8/0x270 vmd_probe+0x778/0xa10 pci_device_probe+0x95/0x120 Where pci_reset_bus() users are triggering unlocked secondary bus resets. Ironically pci_bus_reset(), several calls down from pci_reset_bus(), uses pci_bus_lock() before issuing the reset which locks everything *but* the bridge itself. For the same motivation as adding: bridge = pci_upstream_bridge(dev); if (bridge) pci_dev_lock(bridge); to pci_reset_function() for the "bus" and "cxl_bus" reset cases, add pci_dev_lock() for @bus->self to pci_bus_lock(). [bhelgaas: squash in recursive locking deadlock fix from Keith Busch: https://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com] CVE-2024-46750 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46750.html CVE-2024-46750 https://bugzilla.suse.com/1230783 SUSE Bug 1230783 In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. CVE-2024-46751 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46751.html CVE-2024-46751 https://bugzilla.suse.com/1230786 SUSE Bug 1230786 In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't have the full backref flag set. This is unexpected and should never happen (save for bugs or a potential bad memory). CVE-2024-46752 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46752.html CVE-2024-46752 https://bugzilla.suse.com/1230794 SUSE Bug 1230794 In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error. CVE-2024-46753 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46753.html CVE-2024-46753 https://bugzilla.suse.com/1230796 SUSE Bug 1230796 In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL pointer dereferences further down the callstack. Fix this by returning only used priv pointers which have priv->bss_mode set to something else than NL80211_IFTYPE_UNSPECIFIED. Said NULL pointer dereference happened when an Accesspoint was started with wpa_supplicant -i mlan0 with this config: network={ ssid="somessid" mode=2 frequency=2412 key_mgmt=WPA-PSK WPA-PSK-SHA256 proto=RSN group=CCMP pairwise=CCMP psk="12345678" } When waiting for the AP to be established, interrupting wpa_supplicant with <ctrl-c> and starting it again this happens: | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140 | Mem abort info: | ESR = 0x0000000096000004 | EC = 0x25: DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | FSC = 0x04: level 0 translation fault | Data abort info: | ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 | CM = 0, WnR = 0, TnD = 0, TagAccess = 0 | GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000 | [0000000000000140] pgd=0000000000000000, p4d=0000000000000000 | Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP | Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio +mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs +imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6 | CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18 | Hardware name: somemachine (DT) | Workqueue: events sdio_irq_work | pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex] | lr : mwifiex_get_cfp+0x34/0x15c [mwifiex] | sp : ffff8000818b3a70 | x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004 | x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9 | x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000 | x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000 | x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517 | x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1 | x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157 | x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124 | x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000 | x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000 | Call trace: | mwifiex_get_cfp+0xd8/0x15c [mwifiex] | mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex] | mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex] | mwifiex_process_sta_event+0x298/0xf0c [mwifiex] | mwifiex_process_event+0x110/0x238 [mwifiex] | mwifiex_main_process+0x428/0xa44 [mwifiex] | mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio] | process_sdio_pending_irqs+0x64/0x1b8 | sdio_irq_work+0x4c/0x7c | process_one_work+0x148/0x2a0 | worker_thread+0x2fc/0x40c | kthread+0x110/0x114 | ret_from_fork+0x10/0x20 | Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000) | ---[ end trace 0000000000000000 ]--- CVE-2024-46755 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46755.html CVE-2024-46755 https://bugzilla.suse.com/1230802 SUSE Bug 1230802 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-46756 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46756.html CVE-2024-46756 https://bugzilla.suse.com/1230806 SUSE Bug 1230806 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-46757 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46757.html CVE-2024-46757 https://bugzilla.suse.com/1230809 SUSE Bug 1230809 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-46758 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46758.html CVE-2024-46758 https://bugzilla.suse.com/1230812 SUSE Bug 1230812 In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. CVE-2024-46759 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46759.html CVE-2024-46759 https://bugzilla.suse.com/1230814 SUSE Bug 1230814 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replies before rtw_dev is fully setup. The stack trace looks like this: rtw_rx_fill_rx_status rtw8821c_query_rx_desc rtw_usb_rx_handler ... queue_work rtw_usb_read_port_complete ... usb_submit_urb rtw_usb_rx_resubmit rtw_usb_init_rx rtw_usb_probe So while we do the async stuff rtw_usb_probe continues and calls rtw_register_hw, which does all kinds of initialization (e.g. via ieee80211_register_hw) that rtw_rx_fill_rx_status relies on. Fix this by moving the first usb_submit_urb after everything is set up. For me, this bug manifested as: [ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped [ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status because I'm using Larry's backport of rtw88 driver with the NULL checks in rtw_rx_fill_rx_status. CVE-2024-46760 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46760.html CVE-2024-46760 https://bugzilla.suse.com/1230753 SUSE Bug 1230753 In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed. CVE-2024-46761 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46761.html CVE-2024-46761 https://bugzilla.suse.com/1230761 SUSE Bug 1230761 In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix missing of_node_put() for leds The call of of_get_child_by_name() will cause refcount incremented for leds, if it succeeds, it should call of_node_put() to decrease it, fix it. CVE-2024-46767 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46767.html CVE-2024-46767 https://bugzilla.suse.com/1230787 SUSE Bug 1230787 In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcm_connect() below. [0] The repro calls connect() to vxcan1, removes vxcan1, and calls connect() with ifindex == 0. Calling connect() for a BCM socket allocates a proc entry. Then, bcm_sk(sk)->bound is set to 1 to prevent further connect(). However, removing the bound device resets bcm_sk(sk)->bound to 0 in bcm_notify(). The 2nd connect() tries to allocate a proc entry with the same name and sets NULL to bcm_sk(sk)->bcm_proc_read, leaking the original proc entry. Since the proc entry is available only for connect()ed sockets, let's clean up the entry when the bound netdev is unregistered. [0]: proc_dir_entry 'can-bcm/2456' already registered WARNING: CPU: 1 PID: 394 at fs/proc/generic.c:376 proc_register+0x645/0x8f0 fs/proc/generic.c:375 Modules linked in: CPU: 1 PID: 394 Comm: syz-executor403 Not tainted 6.10.0-rc7-g852e42cc2dd4 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:proc_register+0x645/0x8f0 fs/proc/generic.c:375 Code: 00 00 00 00 00 48 85 ed 0f 85 97 02 00 00 4d 85 f6 0f 85 9f 02 00 00 48 c7 c7 9b cb cf 87 48 89 de 4c 89 fa e8 1c 6f eb fe 90 <0f> 0b 90 90 48 c7 c7 98 37 99 89 e8 cb 7e 22 05 bb 00 00 00 10 48 RSP: 0018:ffa0000000cd7c30 EFLAGS: 00010246 RAX: 9e129be1950f0200 RBX: ff1100011b51582c RCX: ff1100011857cd80 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 RBP: 0000000000000000 R08: ffd400000000000f R09: ff1100013e78cac0 R10: ffac800000cd7980 R11: ff1100013e12b1f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ff1100011a99a2ec FS: 00007fbd7086f740(0000) GS:ff1100013fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200071c0 CR3: 0000000118556004 CR4: 0000000000771ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> proc_create_net_single+0x144/0x210 fs/proc/proc_net.c:220 bcm_connect+0x472/0x840 net/can/bcm.c:1673 __sys_connect_file net/socket.c:2049 [inline] __sys_connect+0x5d2/0x690 net/socket.c:2066 __do_sys_connect net/socket.c:2076 [inline] __se_sys_connect net/socket.c:2073 [inline] __x64_sys_connect+0x8f/0x100 net/socket.c:2073 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1c0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7fbd708b0e5d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48 RSP: 002b:00007fff8cd33f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbd708b0e5d RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000040 R09: 0000000000000040 R10: 0000000000000040 R11: 0000000000000246 R12: 00007fff8cd34098 R13: 0000000000401280 R14: 0000000000406de8 R15: 00007fbd70ab9000 </TASK> remove_proc_entry: removing non-empty directory 'net/can-bcm', leaking at least '2456' CVE-2024-46771 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46771.html CVE-2024-46771 https://bugzilla.suse.com/1230766 SUSE Bug 1230766 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator crb_pipes before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity. CVE-2024-46772 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46772.html CVE-2024-46772 https://bugzilla.suse.com/1230772 SUSE Bug 1230772 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator pbn_div before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity. CVE-2024-46773 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46773.html CVE-2024-46773 https://bugzilla.suse.com/1230791 SUSE Bug 1230791 In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution. CVE-2024-46774 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46774.html CVE-2024-46774 https://bugzilla.suse.com/1230767 SUSE Bug 1230767 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Run DC_LOG_DC after checking link->link_enc [WHAT] The DC_LOG_DC should be run after link->link_enc is checked, not before. This fixes 1 REVERSE_INULL issue reported by Coverity. CVE-2024-46776 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46776.html CVE-2024-46776 https://bugzilla.suse.com/1230775 SUSE Bug 1230775 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check UnboundedRequestEnabled's value CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled is a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus if (p->UnboundedRequestEnabled) checks its address, not bool value. This fixes 1 REVERSE_INULL issue reported by Coverity. CVE-2024-46778 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46778.html CVE-2024-46778 https://bugzilla.suse.com/1230776 SUSE Bug 1230776 In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtime for modifications/repairs, but they are also regularly swapped, replaced during resizing, and even abandoned when degrading to one side due to backing device issues. So, accessing them requires mutual exclusion using the reader/writer semaphore "nilfs->ns_sem". Some sysfs attribute show methods read this superblock buffer without the necessary mutual exclusion, which can cause problems with pointer dereferencing and memory access, so fix it. CVE-2024-46780 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46780.html CVE-2024-46780 https://bugzilla.suse.com/1230808 SUSE Bug 1230808 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned out that if data recovery was performed using partial logs created by dsync writes, but an error occurred before starting the log writer to create a recovered checkpoint, the inodes whose data had been recovered were left in the ns_dirty_files list of the nilfs object and were not freed. Fix this issue by cleaning up inodes that have read the recovery data if the recovery routine fails midway before the log writer starts. CVE-2024-46781 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46781.html CVE-2024-46781 https://bugzilla.suse.com/1230768 SUSE Bug 1230768 In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg() When we cork messages in psock->cork, the last message triggers the flushing will result in sending a sk_msg larger than the current message size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes negative at least in the following case: 468 case __SK_DROP: 469 default: 470 sk_msg_free_partial(sk, msg, tosend); 471 sk_msg_apply_bytes(psock, tosend); 472 *copied -= (tosend + delta); // <==== HERE 473 return -EACCES; Therefore, it could lead to the following BUG with a proper value of 'copied' (thanks to syzbot). We should not use negative 'copied' as a return value here. ------------[ cut here ]------------ kernel BUG at net/socket.c:733! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0 Hardware name: linux,dummy-virt (DT) pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) pc : sock_sendmsg_nosec net/socket.c:733 [inline] pc : sock_sendmsg_nosec net/socket.c:728 [inline] pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745 lr : sock_sendmsg_nosec net/socket.c:730 [inline] lr : __sock_sendmsg+0x54/0x60 net/socket.c:745 sp : ffff800088ea3b30 x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000 x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000 x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90 x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001 x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0 x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000 x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef Call trace: sock_sendmsg_nosec net/socket.c:733 [inline] __sock_sendmsg+0x5c/0x60 net/socket.c:745 ____sys_sendmsg+0x274/0x2ac net/socket.c:2597 ___sys_sendmsg+0xac/0x100 net/socket.c:2651 __sys_sendmsg+0x84/0xe0 net/socket.c:2680 __do_sys_sendmsg net/socket.c:2689 [inline] __se_sys_sendmsg net/socket.c:2687 [inline] __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151 el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598 Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000) ---[ end trace 0000000000000000 ]--- CVE-2024-46783 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46783.html CVE-2024-46783 https://bugzilla.suse.com/1230810 SUSE Bug 1230810 In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80 CVE-2024-46784 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46784.html CVE-2024-46784 https://bugzilla.suse.com/1230771 SUSE Bug 1230771 In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF The fscache_cookie_lru_timer is initialized when the fscache module is inserted, but is not deleted when the fscache module is removed. If timer_reduce() is called before removing the fscache module, the fscache_cookie_lru_timer will be added to the timer list of the current cpu. Afterwards, a use-after-free will be triggered in the softIRQ after removing the fscache module, as follows: ================================================================== BUG: unable to handle page fault for address: fffffbfff803c9e9 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855 Tainted: [W]=WARN RIP: 0010:__run_timer_base.part.0+0x254/0x8a0 Call Trace: <IRQ> tmigr_handle_remote_up+0x627/0x810 __walk_groups.isra.0+0x47/0x140 tmigr_handle_remote+0x1fa/0x2f0 handle_softirqs+0x180/0x590 irq_exit_rcu+0x84/0xb0 sysvec_apic_timer_interrupt+0x6e/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 default_idle_call+0x38/0x60 do_idle+0x2b5/0x300 cpu_startup_entry+0x54/0x60 start_secondary+0x20d/0x280 common_startup_64+0x13e/0x148 </TASK> Modules linked in: [last unloaded: netfs] ================================================================== Therefore delete fscache_cookie_lru_timer when removing the fscahe module. CVE-2024-46786 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46786.html CVE-2024-46786 https://bugzilla.suse.com/1230813 SUSE Bug 1230813 In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel version: 1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit the right two race windows) - I've tested this in a kernel build with some extra mdelay() calls. See the commit message for a description of the race scenario. On older kernels (before 6.5), I think the same bug can even theoretically lead to accessing transhuge page contents as a page table if you hit the right 5 narrow race windows (I haven't tested this case). 2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for detecting PMDs that don't point to page tables. On older kernels (before 6.5), you'd just have to win a single fairly wide race to hit this. I've tested this on 6.1 stable by racing migration (with a mdelay() patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86 VM, that causes a kernel oops in ptlock_ptr(). 3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed to yank page tables out from under us (though I haven't tested that), so I think the BUG_ON() checks in mfill_atomic() are just wrong. I decided to write two separate fixes for these (one fix for bugs 1+2, one fix for bug 3), so that the first fix can be backported to kernels affected by bugs 1+2. This patch (of 2): This fixes two issues. I discovered that the following race can occur: mfill_atomic other thread ============ ============ <zap PMD> pmdp_get_lockless() [reads none pmd] <bail if trans_huge> <if none:> <pagefault creates transhuge zeropage> __pte_alloc [no-op] <zap PMD> <bail if pmd_trans_huge(*dst_pmd)> BUG_ON(pmd_none(*dst_pmd)) I have experimentally verified this in a kernel with extra mdelay() calls; the BUG_ON(pmd_none(*dst_pmd)) triggers. On kernels newer than commit 0d940a9b270b ("mm/pgtable: allow pte_offset_map[_lock]() to fail"), this can't lead to anything worse than a BUG_ON(), since the page table access helpers are actually designed to deal with page tables concurrently disappearing; but on older kernels (<=6.4), I think we could probably theoretically race past the two BUG_ON() checks and end up treating a hugepage as a page table. The second issue is that, as Qi Zheng pointed out, there are other types of huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs (in particular, migration PMDs). On <=6.4, this is worse than the first issue: If mfill_atomic() runs on a PMD that contains a migration entry (which just requires winning a single, fairly wide race), it will pass the PMD to pte_offset_map_lock(), which assumes that the PMD points to a page table. Breakage follows: First, the kernel tries to take the PTE lock (which will crash or maybe worse if there is no "struct page" for the address bits in the migration entry PMD - I think at least on X86 there usually is no corresponding "struct page" thanks to the PTE inversion mitigation, amd64 looks different). If that didn't crash, the kernel would next try to write a PTE into what it wrongly thinks is a page table. As part of fixing these issues, get rid of the check for pmd_trans_huge() before __pte_alloc() - that's redundant, we're going to have to check for that after the __pte_alloc() anyway. Backport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels. CVE-2024-46787 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46787.html CVE-2024-46787 https://bugzilla.suse.com/1230815 SUSE Bug 1230815 In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device. If an interrupt has already occurred then waiting for the interrupt handler to complete will deadlock because it will be trying to acquire the same mutex. CPU0 CPU1 ---- ---- mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() <interrupt> mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() disable_irq() <-- deadlock Use disable_irq_nosync() instead because the interrupt handler does everything while holding the mutex so it doesn't matter if it's still running. CVE-2024-46791 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46791.html CVE-2024-46791 https://bugzilla.suse.com/1230821 SUSE Bug 1230821 In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable (val) on the stack to the VMM. This variable is only needed as an output value. It did not need to be passed to the VMM in the first place. Do not send the original value of *val to the VMM. [ dhansen: clarify what 'val' is used for. ] CVE-2024-46794 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46794.html CVE-2024-46794 https://bugzilla.suse.com/1230825 SUSE Bug 1230825 In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU might see stale lock values in get_tail_qnode(). If the stale lock value happens to match the lock on that CPU, then we write to the "next" pointer of the wrong qnode. This causes a deadlock as the former CPU, once it becomes the head of the MCS queue, will spin indefinitely until it's "next" pointer is set by its successor in the queue. Running stress-ng on a 16 core (16EC/16VP) shared LPAR, results in occasional lockups similar to the following: $ stress-ng --all 128 --vm-bytes 80% --aggressive \ --maximize --oomable --verify --syslog \ --metrics --times --timeout 5m watchdog: CPU 15 Hard LOCKUP ...... NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490 LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90 Call Trace: 0xc000002cfffa3bf0 (unreliable) _raw_spin_lock+0x6c/0x90 raw_spin_rq_lock_nested.part.135+0x4c/0xd0 sched_ttwu_pending+0x60/0x1f0 __flush_smp_call_function_queue+0x1dc/0x670 smp_ipi_demux_relaxed+0xa4/0x100 xive_muxed_ipi_action+0x20/0x40 __handle_irq_event_percpu+0x80/0x240 handle_irq_event_percpu+0x2c/0x80 handle_percpu_irq+0x84/0xd0 generic_handle_irq+0x54/0x80 __do_irq+0xac/0x210 __do_IRQ+0x74/0xd0 0x0 do_IRQ+0x8c/0x170 hardware_interrupt_common_virt+0x29c/0x2a0 --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490 ...... NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490 LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90 --- interrupt: 500 0xc0000029c1a41d00 (unreliable) _raw_spin_lock+0x6c/0x90 futex_wake+0x100/0x260 do_futex+0x21c/0x2a0 sys_futex+0x98/0x270 system_call_exception+0x14c/0x2f0 system_call_vectored_common+0x15c/0x2ec The following code flow illustrates how the deadlock occurs. For the sake of brevity, assume that both locks (A and B) are contended and we call the queued_spin_lock_slowpath() function. CPU0 CPU1 ---- ---- spin_lock_irqsave(A) | spin_unlock_irqrestore(A) | spin_lock(B) | | | ▼ | id = qnodesp->count++; | (Note that nodes[0].lock == A) | | | ▼ | Interrupt | (happens before "nodes[0].lock = B") | | | ▼ | spin_lock_irqsave(A) | | | ▼ | id = qnodesp->count++ | nodes[1].lock = A | | | ▼ | Tail of MCS queue | | spin_lock_irqsave(A) ▼ | Head of MCS queue ▼ | CPU0 is previous tail ▼ | Spin indefinitely ▼ (until "nodes[1].next != NULL") prev = get_tail_qnode(A, CPU0) | ▼ prev == &qnodes[CPU0].nodes[0] (as qnodes ---truncated--- CVE-2024-46797 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46797.html CVE-2024-46797 https://bugzilla.suse.com/1230831 SUSE Bug 1230831 In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 kernel detects that snd_pcm_suspend_all() access a freed 'snd_soc_pcm_runtime' object when the system is suspended, which leads to a use-after-free bug: [ 52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270 [ 52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330 [ 52.047785] Call trace: [ 52.047787] dump_backtrace+0x0/0x3c0 [ 52.047794] show_stack+0x34/0x50 [ 52.047797] dump_stack_lvl+0x68/0x8c [ 52.047802] print_address_description.constprop.0+0x74/0x2c0 [ 52.047809] kasan_report+0x210/0x230 [ 52.047815] __asan_report_load1_noabort+0x3c/0x50 [ 52.047820] snd_pcm_suspend_all+0x1a8/0x270 [ 52.047824] snd_soc_suspend+0x19c/0x4e0 The snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before making any access. So we need to always set 'substream->runtime' to NULL everytime we kfree() it. CVE-2024-46798 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46798.html CVE-2024-46798 https://bugzilla.suse.com/1230830 SUSE Bug 1230830 In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for the entry in cpu_madt_gicc[cpu] == NULL. This function would then cause a NULL pointer dereference. Whilst a path to trigger this has not been established, harden this caller against the possibility. CVE-2024-46822 SUSE Linux Micro 6.0:kernel-default-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51 SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-devel-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-20-default-1-1.2 SUSE Linux Micro 6.0:kernel-macros-6.4.0-20.1 SUSE Linux Micro 6.0:kernel-source-6.4.0-20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520073-1/ https://www.suse.com/security/cve/CVE-2024-46822.html CVE-2024-46822 https://bugzilla.suse.com/1231120 SUSE Bug 1231120