Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20249-1 Final 1 1 2025-03-28T07:51:47Z current 2025-03-28T07:51:47Z 2025-03-28T07:51:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before "getting" registers (bsc#1236106). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). Features added: * - Disable ceph (jsc#PED-7242) * - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). * - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). * - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8645) The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Add already cherry-picked ids to AMDGPU patch - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Delete XHCI patch for regression (bsc#1235550) - Disable ceph (jsc#PED-7242) - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - Drop downstream TPM fix patch (bsc#1233260 bsc#1233259 bsc#1232421) - Drop uvcvideo fix due to regression (bsc#1235894) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - Move kABI workaround patch to correct folder - Move upstreamed DRM patch into sorted section - Move upstreamed NFS patch into sorted section - Move upstreamed TPM patch into sorted section - Move upstreamed lpfc patches into sorted section - Move upstreamed ppc patch into sorted section - Move upstreamed sound patch into sorted section - Move upstreamed sound patches into sorted section - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). - RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - README.BRANCH: Remove copy of branch name - Refresh patches.suse/ALSA-hda-realtek-Add-support-for-Samsung-Galaxy-Book.patch. - Refresh patches.suse/cpufreq-intel_pstate-Temporarily-boost-P-state-when-.patch. - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" (stable-fixes). - Revert "block/mq-deadline: use correct way to throttling write requests" (bsc#1234146). - Revert "btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)" - Revert "drm/i915/dpt: Make DPT object unshrinkable" (stable-fixes). - Revert "igb: Disable threaded IRQ for igb_msix_other" (git-fixes). - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" (git-fixes). - Revert "unicode: Do not special case ignorable code points" (stable-fixes). - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (stable-fixes). - Revert 'arm64: Kconfig: Make SME depend on BROKEN for now' This reverts commit 2ccfee6be929dd4ea49ef59a7ae686473aae40b6 CONFIG_ARM64_SME is enabled by default so some customers may rely on SME. We need further analysis to evaluate to what extent we are impacted and in case we'll disable SME support later. - Revert 0dd78566990 ("Disable ceph (jsc#PED-7242)") Apparently, jsc#PED-7242 is only deprecate ceph for 15-SP6 and disable for 15-SP7. Revert the disabling. - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Force position-independent veneers (git-fixes). - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) Update arm64 default configuration file - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blacklist.conf: printk/sysctl: breaks kernel without pre-requisite patches (bsc#1229025) - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" (bsc#1234140). - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devcoredump: cleanup some comments (git-fixes). - devlink: Fix length of eswitch inline-mode (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). - drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). - ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use "proxy" headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix "ghost" detections (git-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - intel_th: core: fix kernel-doc warnings (git-fixes). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). - isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo "accesing" (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). - net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting "num_images" to work (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). - percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). - quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). - scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). - serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - series.conf: temporarily disable upstream patch patches.suse/ocfs2-fix-UBSAN-warning-in-ocfs2_verify_volume.patch (bsc#1236138) - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8645) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-kernel-4 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ Link for SUSE-SU-2025:20249-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021072.html E-Mail link for SUSE-SU-2025:20249-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1012628 SUSE Bug 1012628 https://bugzilla.suse.com/1065729 SUSE Bug 1065729 https://bugzilla.suse.com/1181674 SUSE Bug 1181674 https://bugzilla.suse.com/1194869 SUSE Bug 1194869 https://bugzilla.suse.com/1207948 SUSE Bug 1207948 https://bugzilla.suse.com/1214954 SUSE Bug 1214954 https://bugzilla.suse.com/1215199 SUSE Bug 1215199 https://bugzilla.suse.com/1216702 SUSE Bug 1216702 https://bugzilla.suse.com/1216813 SUSE Bug 1216813 https://bugzilla.suse.com/1218470 SUSE Bug 1218470 https://bugzilla.suse.com/1219170 SUSE Bug 1219170 https://bugzilla.suse.com/1219596 SUSE Bug 1219596 https://bugzilla.suse.com/1220021 SUSE Bug 1220021 https://bugzilla.suse.com/1220328 SUSE Bug 1220328 https://bugzilla.suse.com/1220430 SUSE Bug 1220430 https://bugzilla.suse.com/1220711 SUSE Bug 1220711 https://bugzilla.suse.com/1220773 SUSE Bug 1220773 https://bugzilla.suse.com/1221044 SUSE Bug 1221044 https://bugzilla.suse.com/1221303 SUSE Bug 1221303 https://bugzilla.suse.com/1221858 SUSE Bug 1221858 https://bugzilla.suse.com/1222426 SUSE Bug 1222426 https://bugzilla.suse.com/1222608 SUSE Bug 1222608 https://bugzilla.suse.com/1222721 SUSE Bug 1222721 https://bugzilla.suse.com/1222775 SUSE Bug 1222775 https://bugzilla.suse.com/1222780 SUSE Bug 1222780 https://bugzilla.suse.com/1223020 SUSE Bug 1223020 https://bugzilla.suse.com/1223023 SUSE Bug 1223023 https://bugzilla.suse.com/1223024 SUSE Bug 1223024 https://bugzilla.suse.com/1223038 SUSE Bug 1223038 https://bugzilla.suse.com/1223039 SUSE Bug 1223039 https://bugzilla.suse.com/1223041 SUSE Bug 1223041 https://bugzilla.suse.com/1223046 SUSE Bug 1223046 https://bugzilla.suse.com/1223051 SUSE Bug 1223051 https://bugzilla.suse.com/1223052 SUSE Bug 1223052 https://bugzilla.suse.com/1223058 SUSE Bug 1223058 https://bugzilla.suse.com/1223061 SUSE Bug 1223061 https://bugzilla.suse.com/1223076 SUSE Bug 1223076 https://bugzilla.suse.com/1223113 SUSE Bug 1223113 https://bugzilla.suse.com/1223187 SUSE Bug 1223187 https://bugzilla.suse.com/1223285 SUSE Bug 1223285 https://bugzilla.suse.com/1223315 SUSE Bug 1223315 https://bugzilla.suse.com/1223591 SUSE Bug 1223591 https://bugzilla.suse.com/1223592 SUSE Bug 1223592 https://bugzilla.suse.com/1223633 SUSE Bug 1223633 https://bugzilla.suse.com/1223637 SUSE Bug 1223637 https://bugzilla.suse.com/1223641 SUSE Bug 1223641 https://bugzilla.suse.com/1223649 SUSE Bug 1223649 https://bugzilla.suse.com/1223650 SUSE Bug 1223650 https://bugzilla.suse.com/1223651 SUSE Bug 1223651 https://bugzilla.suse.com/1223652 SUSE Bug 1223652 https://bugzilla.suse.com/1223654 SUSE Bug 1223654 https://bugzilla.suse.com/1223660 SUSE Bug 1223660 https://bugzilla.suse.com/1223661 SUSE Bug 1223661 https://bugzilla.suse.com/1223665 SUSE Bug 1223665 https://bugzilla.suse.com/1223666 SUSE Bug 1223666 https://bugzilla.suse.com/1223671 SUSE Bug 1223671 https://bugzilla.suse.com/1223675 SUSE Bug 1223675 https://bugzilla.suse.com/1223677 SUSE Bug 1223677 https://bugzilla.suse.com/1223678 SUSE Bug 1223678 https://bugzilla.suse.com/1223696 SUSE Bug 1223696 https://bugzilla.suse.com/1223698 SUSE Bug 1223698 https://bugzilla.suse.com/1223705 SUSE Bug 1223705 https://bugzilla.suse.com/1223712 SUSE Bug 1223712 https://bugzilla.suse.com/1223718 SUSE Bug 1223718 https://bugzilla.suse.com/1223728 SUSE Bug 1223728 https://bugzilla.suse.com/1223739 SUSE Bug 1223739 https://bugzilla.suse.com/1223741 SUSE Bug 1223741 https://bugzilla.suse.com/1223744 SUSE Bug 1223744 https://bugzilla.suse.com/1223747 SUSE Bug 1223747 https://bugzilla.suse.com/1223748 SUSE Bug 1223748 https://bugzilla.suse.com/1223750 SUSE Bug 1223750 https://bugzilla.suse.com/1223752 SUSE Bug 1223752 https://bugzilla.suse.com/1223754 SUSE Bug 1223754 https://bugzilla.suse.com/1223757 SUSE Bug 1223757 https://bugzilla.suse.com/1223759 SUSE Bug 1223759 https://bugzilla.suse.com/1223761 SUSE Bug 1223761 https://bugzilla.suse.com/1223762 SUSE Bug 1223762 https://bugzilla.suse.com/1223782 SUSE Bug 1223782 https://bugzilla.suse.com/1223787 SUSE Bug 1223787 https://bugzilla.suse.com/1223788 SUSE Bug 1223788 https://bugzilla.suse.com/1223789 SUSE Bug 1223789 https://bugzilla.suse.com/1223790 SUSE Bug 1223790 https://bugzilla.suse.com/1223802 SUSE Bug 1223802 https://bugzilla.suse.com/1223805 SUSE Bug 1223805 https://bugzilla.suse.com/1223827 SUSE Bug 1223827 https://bugzilla.suse.com/1223831 SUSE Bug 1223831 https://bugzilla.suse.com/1223834 SUSE Bug 1223834 https://bugzilla.suse.com/1223869 SUSE Bug 1223869 https://bugzilla.suse.com/1223874 SUSE Bug 1223874 https://bugzilla.suse.com/1224095 SUSE Bug 1224095 https://bugzilla.suse.com/1224174 SUSE Bug 1224174 https://bugzilla.suse.com/1224177 SUSE Bug 1224177 https://bugzilla.suse.com/1224180 SUSE Bug 1224180 https://bugzilla.suse.com/1224423 SUSE Bug 1224423 https://bugzilla.suse.com/1224432 SUSE Bug 1224432 https://bugzilla.suse.com/1224433 SUSE Bug 1224433 https://bugzilla.suse.com/1224437 SUSE Bug 1224437 https://bugzilla.suse.com/1224438 SUSE Bug 1224438 https://bugzilla.suse.com/1224443 SUSE Bug 1224443 https://bugzilla.suse.com/1224445 SUSE Bug 1224445 https://bugzilla.suse.com/1224449 SUSE Bug 1224449 https://bugzilla.suse.com/1224479 SUSE Bug 1224479 https://bugzilla.suse.com/1224480 SUSE Bug 1224480 https://bugzilla.suse.com/1224482 SUSE Bug 1224482 https://bugzilla.suse.com/1224486 SUSE Bug 1224486 https://bugzilla.suse.com/1224487 SUSE Bug 1224487 https://bugzilla.suse.com/1224491 SUSE Bug 1224491 https://bugzilla.suse.com/1224492 SUSE Bug 1224492 https://bugzilla.suse.com/1224494 SUSE Bug 1224494 https://bugzilla.suse.com/1224495 SUSE Bug 1224495 https://bugzilla.suse.com/1224500 SUSE Bug 1224500 https://bugzilla.suse.com/1224501 SUSE Bug 1224501 https://bugzilla.suse.com/1224504 SUSE Bug 1224504 https://bugzilla.suse.com/1224505 SUSE Bug 1224505 https://bugzilla.suse.com/1224506 SUSE Bug 1224506 https://bugzilla.suse.com/1224507 SUSE Bug 1224507 https://bugzilla.suse.com/1224508 SUSE Bug 1224508 https://bugzilla.suse.com/1224509 SUSE Bug 1224509 https://bugzilla.suse.com/1224513 SUSE Bug 1224513 https://bugzilla.suse.com/1224517 SUSE Bug 1224517 https://bugzilla.suse.com/1224519 SUSE Bug 1224519 https://bugzilla.suse.com/1224521 SUSE Bug 1224521 https://bugzilla.suse.com/1224524 SUSE Bug 1224524 https://bugzilla.suse.com/1224526 SUSE Bug 1224526 https://bugzilla.suse.com/1224537 SUSE Bug 1224537 https://bugzilla.suse.com/1224542 SUSE Bug 1224542 https://bugzilla.suse.com/1224546 SUSE Bug 1224546 https://bugzilla.suse.com/1224552 SUSE Bug 1224552 https://bugzilla.suse.com/1224555 SUSE Bug 1224555 https://bugzilla.suse.com/1224557 SUSE Bug 1224557 https://bugzilla.suse.com/1224558 SUSE Bug 1224558 https://bugzilla.suse.com/1224559 SUSE Bug 1224559 https://bugzilla.suse.com/1224562 SUSE Bug 1224562 https://bugzilla.suse.com/1224566 SUSE Bug 1224566 https://bugzilla.suse.com/1224567 SUSE Bug 1224567 https://bugzilla.suse.com/1224568 SUSE Bug 1224568 https://bugzilla.suse.com/1224569 SUSE Bug 1224569 https://bugzilla.suse.com/1224571 SUSE Bug 1224571 https://bugzilla.suse.com/1224573 SUSE Bug 1224573 https://bugzilla.suse.com/1224576 SUSE Bug 1224576 https://bugzilla.suse.com/1224577 SUSE Bug 1224577 https://bugzilla.suse.com/1224578 SUSE Bug 1224578 https://bugzilla.suse.com/1224579 SUSE Bug 1224579 https://bugzilla.suse.com/1224582 SUSE Bug 1224582 https://bugzilla.suse.com/1224585 SUSE Bug 1224585 https://bugzilla.suse.com/1224586 SUSE Bug 1224586 https://bugzilla.suse.com/1224587 SUSE Bug 1224587 https://bugzilla.suse.com/1224588 SUSE Bug 1224588 https://bugzilla.suse.com/1224592 SUSE Bug 1224592 https://bugzilla.suse.com/1224596 SUSE Bug 1224596 https://bugzilla.suse.com/1224598 SUSE Bug 1224598 https://bugzilla.suse.com/1224600 SUSE Bug 1224600 https://bugzilla.suse.com/1224601 SUSE Bug 1224601 https://bugzilla.suse.com/1224603 SUSE Bug 1224603 https://bugzilla.suse.com/1224605 SUSE Bug 1224605 https://bugzilla.suse.com/1224607 SUSE Bug 1224607 https://bugzilla.suse.com/1224609 SUSE Bug 1224609 https://bugzilla.suse.com/1224611 SUSE Bug 1224611 https://bugzilla.suse.com/1224613 SUSE Bug 1224613 https://bugzilla.suse.com/1224615 SUSE Bug 1224615 https://bugzilla.suse.com/1224617 SUSE Bug 1224617 https://bugzilla.suse.com/1224618 SUSE Bug 1224618 https://bugzilla.suse.com/1224620 SUSE Bug 1224620 https://bugzilla.suse.com/1224622 SUSE Bug 1224622 https://bugzilla.suse.com/1224623 SUSE Bug 1224623 https://bugzilla.suse.com/1224624 SUSE Bug 1224624 https://bugzilla.suse.com/1224626 SUSE Bug 1224626 https://bugzilla.suse.com/1224627 SUSE Bug 1224627 https://bugzilla.suse.com/1224629 SUSE Bug 1224629 https://bugzilla.suse.com/1224630 SUSE Bug 1224630 https://bugzilla.suse.com/1224632 SUSE Bug 1224632 https://bugzilla.suse.com/1224633 SUSE Bug 1224633 https://bugzilla.suse.com/1224634 SUSE Bug 1224634 https://bugzilla.suse.com/1224637 SUSE Bug 1224637 https://bugzilla.suse.com/1224639 SUSE Bug 1224639 https://bugzilla.suse.com/1224640 SUSE Bug 1224640 https://bugzilla.suse.com/1224643 SUSE Bug 1224643 https://bugzilla.suse.com/1224644 SUSE Bug 1224644 https://bugzilla.suse.com/1224646 SUSE Bug 1224646 https://bugzilla.suse.com/1224647 SUSE Bug 1224647 https://bugzilla.suse.com/1224650 SUSE Bug 1224650 https://bugzilla.suse.com/1224651 SUSE Bug 1224651 https://bugzilla.suse.com/1224653 SUSE Bug 1224653 https://bugzilla.suse.com/1224654 SUSE Bug 1224654 https://bugzilla.suse.com/1224657 SUSE Bug 1224657 https://bugzilla.suse.com/1224660 SUSE Bug 1224660 https://bugzilla.suse.com/1224663 SUSE Bug 1224663 https://bugzilla.suse.com/1224665 SUSE Bug 1224665 https://bugzilla.suse.com/1224666 SUSE Bug 1224666 https://bugzilla.suse.com/1224671 SUSE Bug 1224671 https://bugzilla.suse.com/1224675 SUSE Bug 1224675 https://bugzilla.suse.com/1224676 SUSE Bug 1224676 https://bugzilla.suse.com/1224677 SUSE Bug 1224677 https://bugzilla.suse.com/1224680 SUSE Bug 1224680 https://bugzilla.suse.com/1224681 SUSE Bug 1224681 https://bugzilla.suse.com/1224682 SUSE Bug 1224682 https://bugzilla.suse.com/1224683 SUSE Bug 1224683 https://bugzilla.suse.com/1224685 SUSE Bug 1224685 https://bugzilla.suse.com/1224686 SUSE Bug 1224686 https://bugzilla.suse.com/1224687 SUSE Bug 1224687 https://bugzilla.suse.com/1224688 SUSE Bug 1224688 https://bugzilla.suse.com/1224692 SUSE Bug 1224692 https://bugzilla.suse.com/1224696 SUSE Bug 1224696 https://bugzilla.suse.com/1224697 SUSE Bug 1224697 https://bugzilla.suse.com/1224699 SUSE Bug 1224699 https://bugzilla.suse.com/1224701 SUSE Bug 1224701 https://bugzilla.suse.com/1224703 SUSE Bug 1224703 https://bugzilla.suse.com/1224704 SUSE Bug 1224704 https://bugzilla.suse.com/1224705 SUSE Bug 1224705 https://bugzilla.suse.com/1224706 SUSE Bug 1224706 https://bugzilla.suse.com/1224707 SUSE Bug 1224707 https://bugzilla.suse.com/1224709 SUSE Bug 1224709 https://bugzilla.suse.com/1224710 SUSE Bug 1224710 https://bugzilla.suse.com/1224712 SUSE Bug 1224712 https://bugzilla.suse.com/1224714 SUSE Bug 1224714 https://bugzilla.suse.com/1224716 SUSE Bug 1224716 https://bugzilla.suse.com/1224717 SUSE Bug 1224717 https://bugzilla.suse.com/1224719 SUSE Bug 1224719 https://bugzilla.suse.com/1224722 SUSE Bug 1224722 https://bugzilla.suse.com/1224723 SUSE Bug 1224723 https://bugzilla.suse.com/1224726 SUSE Bug 1224726 https://bugzilla.suse.com/1224728 SUSE Bug 1224728 https://bugzilla.suse.com/1224729 SUSE Bug 1224729 https://bugzilla.suse.com/1224730 SUSE Bug 1224730 https://bugzilla.suse.com/1224731 SUSE Bug 1224731 https://bugzilla.suse.com/1224732 SUSE Bug 1224732 https://bugzilla.suse.com/1224733 SUSE Bug 1224733 https://bugzilla.suse.com/1224736 SUSE Bug 1224736 https://bugzilla.suse.com/1224738 SUSE Bug 1224738 https://bugzilla.suse.com/1224739 SUSE Bug 1224739 https://bugzilla.suse.com/1224740 SUSE Bug 1224740 https://bugzilla.suse.com/1224741 SUSE Bug 1224741 https://bugzilla.suse.com/1224747 SUSE Bug 1224747 https://bugzilla.suse.com/1224749 SUSE Bug 1224749 https://bugzilla.suse.com/1224803 SUSE Bug 1224803 https://bugzilla.suse.com/1224804 SUSE Bug 1224804 https://bugzilla.suse.com/1225502 SUSE Bug 1225502 https://bugzilla.suse.com/1225579 SUSE Bug 1225579 https://bugzilla.suse.com/1225593 SUSE Bug 1225593 https://bugzilla.suse.com/1225692 SUSE Bug 1225692 https://bugzilla.suse.com/1225694 SUSE Bug 1225694 https://bugzilla.suse.com/1225695 SUSE Bug 1225695 https://bugzilla.suse.com/1225698 SUSE Bug 1225698 https://bugzilla.suse.com/1225699 SUSE Bug 1225699 https://bugzilla.suse.com/1225704 SUSE Bug 1225704 https://bugzilla.suse.com/1225705 SUSE Bug 1225705 https://bugzilla.suse.com/1225708 SUSE Bug 1225708 https://bugzilla.suse.com/1225710 SUSE Bug 1225710 https://bugzilla.suse.com/1225715 SUSE Bug 1225715 https://bugzilla.suse.com/1225720 SUSE Bug 1225720 https://bugzilla.suse.com/1225722 SUSE Bug 1225722 https://bugzilla.suse.com/1225728 SUSE Bug 1225728 https://bugzilla.suse.com/1225734 SUSE Bug 1225734 https://bugzilla.suse.com/1225735 SUSE Bug 1225735 https://bugzilla.suse.com/1225736 SUSE Bug 1225736 https://bugzilla.suse.com/1225743 SUSE Bug 1225743 https://bugzilla.suse.com/1225747 SUSE Bug 1225747 https://bugzilla.suse.com/1225748 SUSE Bug 1225748 https://bugzilla.suse.com/1225749 SUSE Bug 1225749 https://bugzilla.suse.com/1225750 SUSE Bug 1225750 https://bugzilla.suse.com/1225769 SUSE Bug 1225769 https://bugzilla.suse.com/1225775 SUSE Bug 1225775 https://bugzilla.suse.com/1225820 SUSE Bug 1225820 https://bugzilla.suse.com/1225897 SUSE Bug 1225897 https://bugzilla.suse.com/1226980 SUSE Bug 1226980 https://bugzilla.suse.com/1227445 SUSE Bug 1227445 https://bugzilla.suse.com/1228526 SUSE Bug 1228526 https://bugzilla.suse.com/1228592 SUSE Bug 1228592 https://bugzilla.suse.com/1229025 SUSE Bug 1229025 https://bugzilla.suse.com/1229809 SUSE Bug 1229809 https://bugzilla.suse.com/1229833 SUSE Bug 1229833 https://bugzilla.suse.com/1230205 SUSE Bug 1230205 https://bugzilla.suse.com/1230697 SUSE Bug 1230697 https://bugzilla.suse.com/1231016 SUSE Bug 1231016 https://bugzilla.suse.com/1231854 SUSE Bug 1231854 https://bugzilla.suse.com/1231909 SUSE Bug 1231909 https://bugzilla.suse.com/1231963 SUSE Bug 1231963 https://bugzilla.suse.com/1232087 SUSE Bug 1232087 https://bugzilla.suse.com/1232101 SUSE Bug 1232101 https://bugzilla.suse.com/1232158 SUSE Bug 1232158 https://bugzilla.suse.com/1232161 SUSE Bug 1232161 https://bugzilla.suse.com/1232193 SUSE Bug 1232193 https://bugzilla.suse.com/1232198 SUSE Bug 1232198 https://bugzilla.suse.com/1232201 SUSE Bug 1232201 https://bugzilla.suse.com/1232418 SUSE Bug 1232418 https://bugzilla.suse.com/1232419 SUSE Bug 1232419 https://bugzilla.suse.com/1232420 SUSE Bug 1232420 https://bugzilla.suse.com/1232421 SUSE Bug 1232421 https://bugzilla.suse.com/1232436 SUSE Bug 1232436 https://bugzilla.suse.com/1232882 SUSE Bug 1232882 https://bugzilla.suse.com/1233038 SUSE Bug 1233038 https://bugzilla.suse.com/1233055 SUSE Bug 1233055 https://bugzilla.suse.com/1233070 SUSE Bug 1233070 https://bugzilla.suse.com/1233096 SUSE Bug 1233096 https://bugzilla.suse.com/1233112 SUSE Bug 1233112 https://bugzilla.suse.com/1233200 SUSE Bug 1233200 https://bugzilla.suse.com/1233204 SUSE Bug 1233204 https://bugzilla.suse.com/1233239 SUSE Bug 1233239 https://bugzilla.suse.com/1233259 SUSE Bug 1233259 https://bugzilla.suse.com/1233260 SUSE Bug 1233260 https://bugzilla.suse.com/1233324 SUSE Bug 1233324 https://bugzilla.suse.com/1233328 SUSE Bug 1233328 https://bugzilla.suse.com/1233461 SUSE Bug 1233461 https://bugzilla.suse.com/1233467 SUSE Bug 1233467 https://bugzilla.suse.com/1233469 SUSE Bug 1233469 https://bugzilla.suse.com/1233488 SUSE Bug 1233488 https://bugzilla.suse.com/1233546 SUSE Bug 1233546 https://bugzilla.suse.com/1233558 SUSE Bug 1233558 https://bugzilla.suse.com/1233637 SUSE Bug 1233637 https://bugzilla.suse.com/1233638 SUSE Bug 1233638 https://bugzilla.suse.com/1233642 SUSE Bug 1233642 https://bugzilla.suse.com/1233772 SUSE Bug 1233772 https://bugzilla.suse.com/1233778 SUSE Bug 1233778 https://bugzilla.suse.com/1233837 SUSE Bug 1233837 https://bugzilla.suse.com/1234024 SUSE Bug 1234024 https://bugzilla.suse.com/1234069 SUSE Bug 1234069 https://bugzilla.suse.com/1234071 SUSE Bug 1234071 https://bugzilla.suse.com/1234073 SUSE Bug 1234073 https://bugzilla.suse.com/1234075 SUSE Bug 1234075 https://bugzilla.suse.com/1234076 SUSE Bug 1234076 https://bugzilla.suse.com/1234077 SUSE Bug 1234077 https://bugzilla.suse.com/1234079 SUSE Bug 1234079 https://bugzilla.suse.com/1234086 SUSE Bug 1234086 https://bugzilla.suse.com/1234139 SUSE Bug 1234139 https://bugzilla.suse.com/1234140 SUSE Bug 1234140 https://bugzilla.suse.com/1234141 SUSE Bug 1234141 https://bugzilla.suse.com/1234142 SUSE Bug 1234142 https://bugzilla.suse.com/1234143 SUSE Bug 1234143 https://bugzilla.suse.com/1234144 SUSE Bug 1234144 https://bugzilla.suse.com/1234145 SUSE Bug 1234145 https://bugzilla.suse.com/1234146 SUSE Bug 1234146 https://bugzilla.suse.com/1234147 SUSE Bug 1234147 https://bugzilla.suse.com/1234148 SUSE Bug 1234148 https://bugzilla.suse.com/1234149 SUSE Bug 1234149 https://bugzilla.suse.com/1234150 SUSE Bug 1234150 https://bugzilla.suse.com/1234153 SUSE Bug 1234153 https://bugzilla.suse.com/1234155 SUSE Bug 1234155 https://bugzilla.suse.com/1234156 SUSE Bug 1234156 https://bugzilla.suse.com/1234158 SUSE Bug 1234158 https://bugzilla.suse.com/1234159 SUSE Bug 1234159 https://bugzilla.suse.com/1234160 SUSE Bug 1234160 https://bugzilla.suse.com/1234161 SUSE Bug 1234161 https://bugzilla.suse.com/1234162 SUSE Bug 1234162 https://bugzilla.suse.com/1234163 SUSE Bug 1234163 https://bugzilla.suse.com/1234164 SUSE Bug 1234164 https://bugzilla.suse.com/1234165 SUSE Bug 1234165 https://bugzilla.suse.com/1234166 SUSE Bug 1234166 https://bugzilla.suse.com/1234167 SUSE Bug 1234167 https://bugzilla.suse.com/1234168 SUSE Bug 1234168 https://bugzilla.suse.com/1234169 SUSE Bug 1234169 https://bugzilla.suse.com/1234170 SUSE Bug 1234170 https://bugzilla.suse.com/1234171 SUSE Bug 1234171 https://bugzilla.suse.com/1234172 SUSE Bug 1234172 https://bugzilla.suse.com/1234173 SUSE Bug 1234173 https://bugzilla.suse.com/1234174 SUSE Bug 1234174 https://bugzilla.suse.com/1234175 SUSE Bug 1234175 https://bugzilla.suse.com/1234176 SUSE Bug 1234176 https://bugzilla.suse.com/1234177 SUSE Bug 1234177 https://bugzilla.suse.com/1234178 SUSE Bug 1234178 https://bugzilla.suse.com/1234179 SUSE Bug 1234179 https://bugzilla.suse.com/1234180 SUSE Bug 1234180 https://bugzilla.suse.com/1234181 SUSE Bug 1234181 https://bugzilla.suse.com/1234182 SUSE Bug 1234182 https://bugzilla.suse.com/1234183 SUSE Bug 1234183 https://bugzilla.suse.com/1234184 SUSE Bug 1234184 https://bugzilla.suse.com/1234185 SUSE Bug 1234185 https://bugzilla.suse.com/1234186 SUSE Bug 1234186 https://bugzilla.suse.com/1234187 SUSE Bug 1234187 https://bugzilla.suse.com/1234188 SUSE Bug 1234188 https://bugzilla.suse.com/1234189 SUSE Bug 1234189 https://bugzilla.suse.com/1234190 SUSE Bug 1234190 https://bugzilla.suse.com/1234191 SUSE Bug 1234191 https://bugzilla.suse.com/1234192 SUSE Bug 1234192 https://bugzilla.suse.com/1234193 SUSE Bug 1234193 https://bugzilla.suse.com/1234194 SUSE Bug 1234194 https://bugzilla.suse.com/1234195 SUSE Bug 1234195 https://bugzilla.suse.com/1234196 SUSE Bug 1234196 https://bugzilla.suse.com/1234197 SUSE Bug 1234197 https://bugzilla.suse.com/1234198 SUSE Bug 1234198 https://bugzilla.suse.com/1234199 SUSE Bug 1234199 https://bugzilla.suse.com/1234200 SUSE Bug 1234200 https://bugzilla.suse.com/1234201 SUSE Bug 1234201 https://bugzilla.suse.com/1234203 SUSE Bug 1234203 https://bugzilla.suse.com/1234204 SUSE Bug 1234204 https://bugzilla.suse.com/1234205 SUSE Bug 1234205 https://bugzilla.suse.com/1234207 SUSE Bug 1234207 https://bugzilla.suse.com/1234208 SUSE Bug 1234208 https://bugzilla.suse.com/1234209 SUSE Bug 1234209 https://bugzilla.suse.com/1234219 SUSE Bug 1234219 https://bugzilla.suse.com/1234220 SUSE Bug 1234220 https://bugzilla.suse.com/1234221 SUSE Bug 1234221 https://bugzilla.suse.com/1234237 SUSE Bug 1234237 https://bugzilla.suse.com/1234238 SUSE Bug 1234238 https://bugzilla.suse.com/1234239 SUSE Bug 1234239 https://bugzilla.suse.com/1234240 SUSE Bug 1234240 https://bugzilla.suse.com/1234241 SUSE Bug 1234241 https://bugzilla.suse.com/1234242 SUSE Bug 1234242 https://bugzilla.suse.com/1234243 SUSE Bug 1234243 https://bugzilla.suse.com/1234278 SUSE Bug 1234278 https://bugzilla.suse.com/1234279 SUSE Bug 1234279 https://bugzilla.suse.com/1234280 SUSE Bug 1234280 https://bugzilla.suse.com/1234281 SUSE Bug 1234281 https://bugzilla.suse.com/1234282 SUSE Bug 1234282 https://bugzilla.suse.com/1234294 SUSE Bug 1234294 https://bugzilla.suse.com/1234338 SUSE Bug 1234338 https://bugzilla.suse.com/1234357 SUSE Bug 1234357 https://bugzilla.suse.com/1234381 SUSE Bug 1234381 https://bugzilla.suse.com/1234454 SUSE Bug 1234454 https://bugzilla.suse.com/1234464 SUSE Bug 1234464 https://bugzilla.suse.com/1234605 SUSE Bug 1234605 https://bugzilla.suse.com/1234619 SUSE Bug 1234619 https://bugzilla.suse.com/1234635 SUSE Bug 1234635 https://bugzilla.suse.com/1234651 SUSE Bug 1234651 https://bugzilla.suse.com/1234652 SUSE Bug 1234652 https://bugzilla.suse.com/1234654 SUSE Bug 1234654 https://bugzilla.suse.com/1234655 SUSE Bug 1234655 https://bugzilla.suse.com/1234657 SUSE Bug 1234657 https://bugzilla.suse.com/1234658 SUSE Bug 1234658 https://bugzilla.suse.com/1234659 SUSE Bug 1234659 https://bugzilla.suse.com/1234668 SUSE Bug 1234668 https://bugzilla.suse.com/1234683 SUSE Bug 1234683 https://bugzilla.suse.com/1234690 SUSE Bug 1234690 https://bugzilla.suse.com/1234693 SUSE Bug 1234693 https://bugzilla.suse.com/1234725 SUSE Bug 1234725 https://bugzilla.suse.com/1234726 SUSE Bug 1234726 https://bugzilla.suse.com/1234810 SUSE Bug 1234810 https://bugzilla.suse.com/1234811 SUSE Bug 1234811 https://bugzilla.suse.com/1234825 SUSE Bug 1234825 https://bugzilla.suse.com/1234826 SUSE Bug 1234826 https://bugzilla.suse.com/1234827 SUSE Bug 1234827 https://bugzilla.suse.com/1234829 SUSE Bug 1234829 https://bugzilla.suse.com/1234832 SUSE Bug 1234832 https://bugzilla.suse.com/1234834 SUSE Bug 1234834 https://bugzilla.suse.com/1234843 SUSE Bug 1234843 https://bugzilla.suse.com/1234846 SUSE Bug 1234846 https://bugzilla.suse.com/1234848 SUSE Bug 1234848 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1234855 SUSE Bug 1234855 https://bugzilla.suse.com/1234856 SUSE Bug 1234856 https://bugzilla.suse.com/1234863 SUSE Bug 1234863 https://bugzilla.suse.com/1234884 SUSE Bug 1234884 https://bugzilla.suse.com/1234887 SUSE Bug 1234887 https://bugzilla.suse.com/1234888 SUSE Bug 1234888 https://bugzilla.suse.com/1234889 SUSE Bug 1234889 https://bugzilla.suse.com/1234891 SUSE Bug 1234891 https://bugzilla.suse.com/1234893 SUSE Bug 1234893 https://bugzilla.suse.com/1234898 SUSE Bug 1234898 https://bugzilla.suse.com/1234899 SUSE Bug 1234899 https://bugzilla.suse.com/1234900 SUSE Bug 1234900 https://bugzilla.suse.com/1234901 SUSE Bug 1234901 https://bugzilla.suse.com/1234905 SUSE Bug 1234905 https://bugzilla.suse.com/1234906 SUSE Bug 1234906 https://bugzilla.suse.com/1234907 SUSE Bug 1234907 https://bugzilla.suse.com/1234909 SUSE Bug 1234909 https://bugzilla.suse.com/1234911 SUSE Bug 1234911 https://bugzilla.suse.com/1234912 SUSE Bug 1234912 https://bugzilla.suse.com/1234916 SUSE Bug 1234916 https://bugzilla.suse.com/1234918 SUSE Bug 1234918 https://bugzilla.suse.com/1234920 SUSE Bug 1234920 https://bugzilla.suse.com/1234921 SUSE Bug 1234921 https://bugzilla.suse.com/1234922 SUSE Bug 1234922 https://bugzilla.suse.com/1234923 SUSE Bug 1234923 https://bugzilla.suse.com/1234929 SUSE Bug 1234929 https://bugzilla.suse.com/1234930 SUSE Bug 1234930 https://bugzilla.suse.com/1234931 SUSE Bug 1234931 https://bugzilla.suse.com/1234934 SUSE Bug 1234934 https://bugzilla.suse.com/1234937 SUSE Bug 1234937 https://bugzilla.suse.com/1234947 SUSE Bug 1234947 https://bugzilla.suse.com/1234948 SUSE Bug 1234948 https://bugzilla.suse.com/1234950 SUSE Bug 1234950 https://bugzilla.suse.com/1234952 SUSE Bug 1234952 https://bugzilla.suse.com/1234957 SUSE Bug 1234957 https://bugzilla.suse.com/1234960 SUSE Bug 1234960 https://bugzilla.suse.com/1234962 SUSE Bug 1234962 https://bugzilla.suse.com/1234963 SUSE Bug 1234963 https://bugzilla.suse.com/1234968 SUSE Bug 1234968 https://bugzilla.suse.com/1234969 SUSE Bug 1234969 https://bugzilla.suse.com/1234970 SUSE Bug 1234970 https://bugzilla.suse.com/1234971 SUSE Bug 1234971 https://bugzilla.suse.com/1234973 SUSE Bug 1234973 https://bugzilla.suse.com/1234974 SUSE Bug 1234974 https://bugzilla.suse.com/1234989 SUSE Bug 1234989 https://bugzilla.suse.com/1234999 SUSE Bug 1234999 https://bugzilla.suse.com/1235000 SUSE Bug 1235000 https://bugzilla.suse.com/1235001 SUSE Bug 1235001 https://bugzilla.suse.com/1235002 SUSE Bug 1235002 https://bugzilla.suse.com/1235003 SUSE Bug 1235003 https://bugzilla.suse.com/1235004 SUSE Bug 1235004 https://bugzilla.suse.com/1235007 SUSE Bug 1235007 https://bugzilla.suse.com/1235009 SUSE Bug 1235009 https://bugzilla.suse.com/1235011 SUSE Bug 1235011 https://bugzilla.suse.com/1235016 SUSE Bug 1235016 https://bugzilla.suse.com/1235019 SUSE Bug 1235019 https://bugzilla.suse.com/1235031 SUSE Bug 1235031 https://bugzilla.suse.com/1235032 SUSE Bug 1235032 https://bugzilla.suse.com/1235033 SUSE Bug 1235033 https://bugzilla.suse.com/1235035 SUSE Bug 1235035 https://bugzilla.suse.com/1235037 SUSE Bug 1235037 https://bugzilla.suse.com/1235038 SUSE Bug 1235038 https://bugzilla.suse.com/1235039 SUSE Bug 1235039 https://bugzilla.suse.com/1235040 SUSE Bug 1235040 https://bugzilla.suse.com/1235042 SUSE Bug 1235042 https://bugzilla.suse.com/1235043 SUSE Bug 1235043 https://bugzilla.suse.com/1235045 SUSE Bug 1235045 https://bugzilla.suse.com/1235046 SUSE Bug 1235046 https://bugzilla.suse.com/1235050 SUSE Bug 1235050 https://bugzilla.suse.com/1235051 SUSE Bug 1235051 https://bugzilla.suse.com/1235053 SUSE Bug 1235053 https://bugzilla.suse.com/1235054 SUSE Bug 1235054 https://bugzilla.suse.com/1235056 SUSE Bug 1235056 https://bugzilla.suse.com/1235057 SUSE Bug 1235057 https://bugzilla.suse.com/1235059 SUSE Bug 1235059 https://bugzilla.suse.com/1235061 SUSE Bug 1235061 https://bugzilla.suse.com/1235065 SUSE Bug 1235065 https://bugzilla.suse.com/1235070 SUSE Bug 1235070 https://bugzilla.suse.com/1235073 SUSE Bug 1235073 https://bugzilla.suse.com/1235075 SUSE Bug 1235075 https://bugzilla.suse.com/1235100 SUSE Bug 1235100 https://bugzilla.suse.com/1235108 SUSE Bug 1235108 https://bugzilla.suse.com/1235112 SUSE Bug 1235112 https://bugzilla.suse.com/1235115 SUSE Bug 1235115 https://bugzilla.suse.com/1235117 SUSE Bug 1235117 https://bugzilla.suse.com/1235122 SUSE Bug 1235122 https://bugzilla.suse.com/1235123 SUSE Bug 1235123 https://bugzilla.suse.com/1235125 SUSE Bug 1235125 https://bugzilla.suse.com/1235128 SUSE Bug 1235128 https://bugzilla.suse.com/1235132 SUSE Bug 1235132 https://bugzilla.suse.com/1235133 SUSE Bug 1235133 https://bugzilla.suse.com/1235134 SUSE Bug 1235134 https://bugzilla.suse.com/1235138 SUSE Bug 1235138 https://bugzilla.suse.com/1235155 SUSE Bug 1235155 https://bugzilla.suse.com/1235160 SUSE Bug 1235160 https://bugzilla.suse.com/1235217 SUSE Bug 1235217 https://bugzilla.suse.com/1235219 SUSE Bug 1235219 https://bugzilla.suse.com/1235220 SUSE Bug 1235220 https://bugzilla.suse.com/1235222 SUSE Bug 1235222 https://bugzilla.suse.com/1235223 SUSE Bug 1235223 https://bugzilla.suse.com/1235224 SUSE Bug 1235224 https://bugzilla.suse.com/1235227 SUSE Bug 1235227 https://bugzilla.suse.com/1235230 SUSE Bug 1235230 https://bugzilla.suse.com/1235241 SUSE Bug 1235241 https://bugzilla.suse.com/1235246 SUSE Bug 1235246 https://bugzilla.suse.com/1235249 SUSE Bug 1235249 https://bugzilla.suse.com/1235251 SUSE Bug 1235251 https://bugzilla.suse.com/1235252 SUSE Bug 1235252 https://bugzilla.suse.com/1235389 SUSE Bug 1235389 https://bugzilla.suse.com/1235390 SUSE Bug 1235390 https://bugzilla.suse.com/1235391 SUSE Bug 1235391 https://bugzilla.suse.com/1235406 SUSE Bug 1235406 https://bugzilla.suse.com/1235409 SUSE Bug 1235409 https://bugzilla.suse.com/1235410 SUSE Bug 1235410 https://bugzilla.suse.com/1235412 SUSE Bug 1235412 https://bugzilla.suse.com/1235413 SUSE Bug 1235413 https://bugzilla.suse.com/1235415 SUSE Bug 1235415 https://bugzilla.suse.com/1235416 SUSE Bug 1235416 https://bugzilla.suse.com/1235417 SUSE Bug 1235417 https://bugzilla.suse.com/1235418 SUSE Bug 1235418 https://bugzilla.suse.com/1235423 SUSE Bug 1235423 https://bugzilla.suse.com/1235424 SUSE Bug 1235424 https://bugzilla.suse.com/1235425 SUSE Bug 1235425 https://bugzilla.suse.com/1235426 SUSE Bug 1235426 https://bugzilla.suse.com/1235427 SUSE Bug 1235427 https://bugzilla.suse.com/1235428 SUSE Bug 1235428 https://bugzilla.suse.com/1235429 SUSE Bug 1235429 https://bugzilla.suse.com/1235430 SUSE Bug 1235430 https://bugzilla.suse.com/1235433 SUSE Bug 1235433 https://bugzilla.suse.com/1235437 SUSE Bug 1235437 https://bugzilla.suse.com/1235439 SUSE Bug 1235439 https://bugzilla.suse.com/1235444 SUSE Bug 1235444 https://bugzilla.suse.com/1235445 SUSE Bug 1235445 https://bugzilla.suse.com/1235449 SUSE Bug 1235449 https://bugzilla.suse.com/1235451 SUSE Bug 1235451 https://bugzilla.suse.com/1235454 SUSE Bug 1235454 https://bugzilla.suse.com/1235458 SUSE Bug 1235458 https://bugzilla.suse.com/1235459 SUSE Bug 1235459 https://bugzilla.suse.com/1235464 SUSE Bug 1235464 https://bugzilla.suse.com/1235466 SUSE Bug 1235466 https://bugzilla.suse.com/1235473 SUSE Bug 1235473 https://bugzilla.suse.com/1235479 SUSE Bug 1235479 https://bugzilla.suse.com/1235480 SUSE Bug 1235480 https://bugzilla.suse.com/1235483 SUSE Bug 1235483 https://bugzilla.suse.com/1235486 SUSE Bug 1235486 https://bugzilla.suse.com/1235487 SUSE Bug 1235487 https://bugzilla.suse.com/1235488 SUSE Bug 1235488 https://bugzilla.suse.com/1235489 SUSE Bug 1235489 https://bugzilla.suse.com/1235491 SUSE Bug 1235491 https://bugzilla.suse.com/1235494 SUSE Bug 1235494 https://bugzilla.suse.com/1235495 SUSE Bug 1235495 https://bugzilla.suse.com/1235496 SUSE Bug 1235496 https://bugzilla.suse.com/1235497 SUSE Bug 1235497 https://bugzilla.suse.com/1235498 SUSE Bug 1235498 https://bugzilla.suse.com/1235500 SUSE Bug 1235500 https://bugzilla.suse.com/1235502 SUSE Bug 1235502 https://bugzilla.suse.com/1235503 SUSE Bug 1235503 https://bugzilla.suse.com/1235507 SUSE Bug 1235507 https://bugzilla.suse.com/1235519 SUSE Bug 1235519 https://bugzilla.suse.com/1235520 SUSE Bug 1235520 https://bugzilla.suse.com/1235521 SUSE Bug 1235521 https://bugzilla.suse.com/1235523 SUSE Bug 1235523 https://bugzilla.suse.com/1235526 SUSE Bug 1235526 https://bugzilla.suse.com/1235528 SUSE Bug 1235528 https://bugzilla.suse.com/1235532 SUSE Bug 1235532 https://bugzilla.suse.com/1235533 SUSE Bug 1235533 https://bugzilla.suse.com/1235534 SUSE Bug 1235534 https://bugzilla.suse.com/1235537 SUSE Bug 1235537 https://bugzilla.suse.com/1235538 SUSE Bug 1235538 https://bugzilla.suse.com/1235545 SUSE Bug 1235545 https://bugzilla.suse.com/1235550 SUSE Bug 1235550 https://bugzilla.suse.com/1235552 SUSE Bug 1235552 https://bugzilla.suse.com/1235555 SUSE Bug 1235555 https://bugzilla.suse.com/1235557 SUSE Bug 1235557 https://bugzilla.suse.com/1235563 SUSE Bug 1235563 https://bugzilla.suse.com/1235564 SUSE Bug 1235564 https://bugzilla.suse.com/1235565 SUSE Bug 1235565 https://bugzilla.suse.com/1235568 SUSE Bug 1235568 https://bugzilla.suse.com/1235570 SUSE Bug 1235570 https://bugzilla.suse.com/1235571 SUSE Bug 1235571 https://bugzilla.suse.com/1235577 SUSE Bug 1235577 https://bugzilla.suse.com/1235578 SUSE Bug 1235578 https://bugzilla.suse.com/1235582 SUSE Bug 1235582 https://bugzilla.suse.com/1235583 SUSE Bug 1235583 https://bugzilla.suse.com/1235584 SUSE Bug 1235584 https://bugzilla.suse.com/1235587 SUSE Bug 1235587 https://bugzilla.suse.com/1235611 SUSE Bug 1235611 https://bugzilla.suse.com/1235612 SUSE Bug 1235612 https://bugzilla.suse.com/1235616 SUSE Bug 1235616 https://bugzilla.suse.com/1235622 SUSE Bug 1235622 https://bugzilla.suse.com/1235627 SUSE Bug 1235627 https://bugzilla.suse.com/1235632 SUSE Bug 1235632 https://bugzilla.suse.com/1235635 SUSE Bug 1235635 https://bugzilla.suse.com/1235638 SUSE Bug 1235638 https://bugzilla.suse.com/1235641 SUSE Bug 1235641 https://bugzilla.suse.com/1235643 SUSE Bug 1235643 https://bugzilla.suse.com/1235645 SUSE Bug 1235645 https://bugzilla.suse.com/1235646 SUSE Bug 1235646 https://bugzilla.suse.com/1235647 SUSE Bug 1235647 https://bugzilla.suse.com/1235650 SUSE Bug 1235650 https://bugzilla.suse.com/1235653 SUSE Bug 1235653 https://bugzilla.suse.com/1235656 SUSE Bug 1235656 https://bugzilla.suse.com/1235657 SUSE Bug 1235657 https://bugzilla.suse.com/1235663 SUSE Bug 1235663 https://bugzilla.suse.com/1235686 SUSE Bug 1235686 https://bugzilla.suse.com/1235700 SUSE Bug 1235700 https://bugzilla.suse.com/1235705 SUSE Bug 1235705 https://bugzilla.suse.com/1235707 SUSE Bug 1235707 https://bugzilla.suse.com/1235708 SUSE Bug 1235708 https://bugzilla.suse.com/1235710 SUSE Bug 1235710 https://bugzilla.suse.com/1235714 SUSE Bug 1235714 https://bugzilla.suse.com/1235716 SUSE Bug 1235716 https://bugzilla.suse.com/1235720 SUSE Bug 1235720 https://bugzilla.suse.com/1235723 SUSE Bug 1235723 https://bugzilla.suse.com/1235727 SUSE Bug 1235727 https://bugzilla.suse.com/1235730 SUSE Bug 1235730 https://bugzilla.suse.com/1235737 SUSE Bug 1235737 https://bugzilla.suse.com/1235739 SUSE Bug 1235739 https://bugzilla.suse.com/1235745 SUSE Bug 1235745 https://bugzilla.suse.com/1235747 SUSE Bug 1235747 https://bugzilla.suse.com/1235750 SUSE Bug 1235750 https://bugzilla.suse.com/1235753 SUSE Bug 1235753 https://bugzilla.suse.com/1235759 SUSE Bug 1235759 https://bugzilla.suse.com/1235764 SUSE Bug 1235764 https://bugzilla.suse.com/1235768 SUSE Bug 1235768 https://bugzilla.suse.com/1235776 SUSE Bug 1235776 https://bugzilla.suse.com/1235777 SUSE Bug 1235777 https://bugzilla.suse.com/1235778 SUSE Bug 1235778 https://bugzilla.suse.com/1235779 SUSE Bug 1235779 https://bugzilla.suse.com/1235793 SUSE Bug 1235793 https://bugzilla.suse.com/1235798 SUSE Bug 1235798 https://bugzilla.suse.com/1235806 SUSE Bug 1235806 https://bugzilla.suse.com/1235808 SUSE Bug 1235808 https://bugzilla.suse.com/1235812 SUSE Bug 1235812 https://bugzilla.suse.com/1235814 SUSE Bug 1235814 https://bugzilla.suse.com/1235818 SUSE Bug 1235818 https://bugzilla.suse.com/1235842 SUSE Bug 1235842 https://bugzilla.suse.com/1235865 SUSE Bug 1235865 https://bugzilla.suse.com/1235894 SUSE Bug 1235894 https://bugzilla.suse.com/1235902 SUSE Bug 1235902 https://bugzilla.suse.com/1235903 SUSE Bug 1235903 https://bugzilla.suse.com/1235906 SUSE Bug 1235906 https://bugzilla.suse.com/1235918 SUSE Bug 1235918 https://bugzilla.suse.com/1235919 SUSE Bug 1235919 https://bugzilla.suse.com/1235920 SUSE Bug 1235920 https://bugzilla.suse.com/1235924 SUSE Bug 1235924 https://bugzilla.suse.com/1235940 SUSE Bug 1235940 https://bugzilla.suse.com/1235941 SUSE Bug 1235941 https://bugzilla.suse.com/1235946 SUSE Bug 1235946 https://bugzilla.suse.com/1235948 SUSE Bug 1235948 https://bugzilla.suse.com/1235952 SUSE Bug 1235952 https://bugzilla.suse.com/1235964 SUSE Bug 1235964 https://bugzilla.suse.com/1235965 SUSE Bug 1235965 https://bugzilla.suse.com/1235967 SUSE Bug 1235967 https://bugzilla.suse.com/1235969 SUSE Bug 1235969 https://bugzilla.suse.com/1235976 SUSE Bug 1235976 https://bugzilla.suse.com/1235977 SUSE Bug 1235977 https://bugzilla.suse.com/1236078 SUSE Bug 1236078 https://bugzilla.suse.com/1236080 SUSE Bug 1236080 https://bugzilla.suse.com/1236082 SUSE Bug 1236082 https://bugzilla.suse.com/1236088 SUSE Bug 1236088 https://bugzilla.suse.com/1236090 SUSE Bug 1236090 https://bugzilla.suse.com/1236091 SUSE Bug 1236091 https://bugzilla.suse.com/1236096 SUSE Bug 1236096 https://bugzilla.suse.com/1236097 SUSE Bug 1236097 https://bugzilla.suse.com/1236098 SUSE Bug 1236098 https://bugzilla.suse.com/1236101 SUSE Bug 1236101 https://bugzilla.suse.com/1236102 SUSE Bug 1236102 https://bugzilla.suse.com/1236104 SUSE Bug 1236104 https://bugzilla.suse.com/1236106 SUSE Bug 1236106 https://bugzilla.suse.com/1236120 SUSE Bug 1236120 https://bugzilla.suse.com/1236125 SUSE Bug 1236125 https://bugzilla.suse.com/1236127 SUSE Bug 1236127 https://bugzilla.suse.com/1236131 SUSE Bug 1236131 https://bugzilla.suse.com/1236138 SUSE Bug 1236138 https://bugzilla.suse.com/1236143 SUSE Bug 1236143 https://bugzilla.suse.com/1236144 SUSE Bug 1236144 https://bugzilla.suse.com/1236145 SUSE Bug 1236145 https://bugzilla.suse.com/1236160 SUSE Bug 1236160 https://bugzilla.suse.com/1236161 SUSE Bug 1236161 https://bugzilla.suse.com/1236163 SUSE Bug 1236163 https://bugzilla.suse.com/1236168 SUSE Bug 1236168 https://bugzilla.suse.com/1236178 SUSE Bug 1236178 https://bugzilla.suse.com/1236180 SUSE Bug 1236180 https://bugzilla.suse.com/1236181 SUSE Bug 1236181 https://bugzilla.suse.com/1236182 SUSE Bug 1236182 https://bugzilla.suse.com/1236190 SUSE Bug 1236190 https://bugzilla.suse.com/1236192 SUSE Bug 1236192 https://bugzilla.suse.com/1236198 SUSE Bug 1236198 https://bugzilla.suse.com/1236227 SUSE Bug 1236227 https://bugzilla.suse.com/1236245 SUSE Bug 1236245 https://bugzilla.suse.com/1236247 SUSE Bug 1236247 https://bugzilla.suse.com/1236248 SUSE Bug 1236248 https://bugzilla.suse.com/1236260 SUSE Bug 1236260 https://bugzilla.suse.com/1236262 SUSE Bug 1236262 https://bugzilla.suse.com/1236628 SUSE Bug 1236628 https://bugzilla.suse.com/1236688 SUSE Bug 1236688 https://bugzilla.suse.com/1236696 SUSE Bug 1236696 https://bugzilla.suse.com/1236703 SUSE Bug 1236703 https://bugzilla.suse.com/1236732 SUSE Bug 1236732 https://bugzilla.suse.com/1236733 SUSE Bug 1236733 https://www.suse.com/security/cve/CVE-2023-47233/ SUSE CVE CVE-2023-47233 page https://www.suse.com/security/cve/CVE-2023-52463/ SUSE CVE CVE-2023-52463 page https://www.suse.com/security/cve/CVE-2023-52472/ SUSE CVE CVE-2023-52472 page https://www.suse.com/security/cve/CVE-2023-52591/ SUSE CVE CVE-2023-52591 page https://www.suse.com/security/cve/CVE-2023-52653/ SUSE CVE CVE-2023-52653 page https://www.suse.com/security/cve/CVE-2023-52657/ SUSE CVE CVE-2023-52657 page https://www.suse.com/security/cve/CVE-2023-52658/ SUSE CVE CVE-2023-52658 page https://www.suse.com/security/cve/CVE-2023-52660/ SUSE CVE CVE-2023-52660 page https://www.suse.com/security/cve/CVE-2023-52661/ SUSE CVE CVE-2023-52661 page https://www.suse.com/security/cve/CVE-2023-52662/ SUSE CVE CVE-2023-52662 page https://www.suse.com/security/cve/CVE-2023-52663/ SUSE CVE CVE-2023-52663 page https://www.suse.com/security/cve/CVE-2023-52664/ SUSE CVE CVE-2023-52664 page https://www.suse.com/security/cve/CVE-2023-52667/ SUSE CVE CVE-2023-52667 page https://www.suse.com/security/cve/CVE-2023-52669/ SUSE CVE CVE-2023-52669 page https://www.suse.com/security/cve/CVE-2023-52670/ SUSE CVE CVE-2023-52670 page https://www.suse.com/security/cve/CVE-2023-52671/ SUSE CVE CVE-2023-52671 page https://www.suse.com/security/cve/CVE-2023-52673/ SUSE CVE CVE-2023-52673 page https://www.suse.com/security/cve/CVE-2023-52675/ SUSE CVE CVE-2023-52675 page https://www.suse.com/security/cve/CVE-2023-52676/ SUSE CVE CVE-2023-52676 page https://www.suse.com/security/cve/CVE-2023-52678/ SUSE CVE CVE-2023-52678 page https://www.suse.com/security/cve/CVE-2023-52679/ SUSE CVE CVE-2023-52679 page https://www.suse.com/security/cve/CVE-2023-52681/ SUSE CVE CVE-2023-52681 page https://www.suse.com/security/cve/CVE-2023-52683/ SUSE CVE CVE-2023-52683 page https://www.suse.com/security/cve/CVE-2023-52685/ SUSE CVE CVE-2023-52685 page https://www.suse.com/security/cve/CVE-2023-52686/ SUSE CVE CVE-2023-52686 page https://www.suse.com/security/cve/CVE-2023-52687/ SUSE CVE CVE-2023-52687 page https://www.suse.com/security/cve/CVE-2023-52690/ SUSE CVE CVE-2023-52690 page https://www.suse.com/security/cve/CVE-2023-52691/ SUSE CVE CVE-2023-52691 page https://www.suse.com/security/cve/CVE-2023-52693/ SUSE CVE CVE-2023-52693 page https://www.suse.com/security/cve/CVE-2023-52694/ SUSE CVE CVE-2023-52694 page https://www.suse.com/security/cve/CVE-2023-52695/ SUSE CVE CVE-2023-52695 page https://www.suse.com/security/cve/CVE-2023-52696/ SUSE CVE CVE-2023-52696 page https://www.suse.com/security/cve/CVE-2023-52697/ SUSE CVE CVE-2023-52697 page https://www.suse.com/security/cve/CVE-2023-52882/ SUSE CVE CVE-2023-52882 page https://www.suse.com/security/cve/CVE-2023-52923/ SUSE CVE CVE-2023-52923 page https://www.suse.com/security/cve/CVE-2024-22099/ SUSE CVE CVE-2024-22099 page https://www.suse.com/security/cve/CVE-2024-26611/ SUSE CVE CVE-2024-26611 page https://www.suse.com/security/cve/CVE-2024-26742/ SUSE CVE CVE-2024-26742 page https://www.suse.com/security/cve/CVE-2024-26761/ SUSE CVE CVE-2024-26761 page https://www.suse.com/security/cve/CVE-2024-26764/ SUSE CVE CVE-2024-26764 page https://www.suse.com/security/cve/CVE-2024-26786/ SUSE CVE CVE-2024-26786 page https://www.suse.com/security/cve/CVE-2024-26794/ SUSE CVE CVE-2024-26794 page https://www.suse.com/security/cve/CVE-2024-26846/ SUSE CVE CVE-2024-26846 page https://www.suse.com/security/cve/CVE-2024-26853/ SUSE CVE CVE-2024-26853 page https://www.suse.com/security/cve/CVE-2024-26854/ SUSE CVE CVE-2024-26854 page https://www.suse.com/security/cve/CVE-2024-26855/ SUSE CVE CVE-2024-26855 page https://www.suse.com/security/cve/CVE-2024-26856/ SUSE CVE CVE-2024-26856 page https://www.suse.com/security/cve/CVE-2024-26857/ SUSE CVE CVE-2024-26857 page https://www.suse.com/security/cve/CVE-2024-26858/ SUSE CVE CVE-2024-26858 page https://www.suse.com/security/cve/CVE-2024-26861/ SUSE CVE CVE-2024-26861 page https://www.suse.com/security/cve/CVE-2024-26866/ SUSE CVE CVE-2024-26866 page https://www.suse.com/security/cve/CVE-2024-26868/ SUSE CVE CVE-2024-26868 page https://www.suse.com/security/cve/CVE-2024-26870/ SUSE CVE CVE-2024-26870 page https://www.suse.com/security/cve/CVE-2024-26881/ SUSE CVE CVE-2024-26881 page https://www.suse.com/security/cve/CVE-2024-26900/ SUSE CVE CVE-2024-26900 page https://www.suse.com/security/cve/CVE-2024-26903/ SUSE CVE CVE-2024-26903 page https://www.suse.com/security/cve/CVE-2024-26922/ SUSE CVE CVE-2024-26922 page https://www.suse.com/security/cve/CVE-2024-26924/ SUSE CVE CVE-2024-26924 page https://www.suse.com/security/cve/CVE-2024-26932/ SUSE CVE CVE-2024-26932 page https://www.suse.com/security/cve/CVE-2024-26934/ SUSE CVE CVE-2024-26934 page https://www.suse.com/security/cve/CVE-2024-26935/ SUSE CVE CVE-2024-26935 page https://www.suse.com/security/cve/CVE-2024-26937/ SUSE CVE CVE-2024-26937 page https://www.suse.com/security/cve/CVE-2024-26938/ SUSE CVE CVE-2024-26938 page https://www.suse.com/security/cve/CVE-2024-26940/ SUSE CVE CVE-2024-26940 page https://www.suse.com/security/cve/CVE-2024-26943/ SUSE CVE CVE-2024-26943 page https://www.suse.com/security/cve/CVE-2024-26949/ SUSE CVE CVE-2024-26949 page https://www.suse.com/security/cve/CVE-2024-26950/ SUSE CVE CVE-2024-26950 page https://www.suse.com/security/cve/CVE-2024-26951/ SUSE CVE CVE-2024-26951 page https://www.suse.com/security/cve/CVE-2024-26957/ SUSE CVE CVE-2024-26957 page https://www.suse.com/security/cve/CVE-2024-26961/ SUSE CVE CVE-2024-26961 page https://www.suse.com/security/cve/CVE-2024-26962/ SUSE CVE CVE-2024-26962 page https://www.suse.com/security/cve/CVE-2024-26963/ SUSE CVE CVE-2024-26963 page https://www.suse.com/security/cve/CVE-2024-26964/ SUSE CVE CVE-2024-26964 page https://www.suse.com/security/cve/CVE-2024-26973/ SUSE CVE CVE-2024-26973 page https://www.suse.com/security/cve/CVE-2024-26983/ SUSE CVE CVE-2024-26983 page https://www.suse.com/security/cve/CVE-2024-26984/ SUSE CVE CVE-2024-26984 page https://www.suse.com/security/cve/CVE-2024-26986/ SUSE CVE CVE-2024-26986 page https://www.suse.com/security/cve/CVE-2024-26988/ SUSE CVE CVE-2024-26988 page https://www.suse.com/security/cve/CVE-2024-26989/ SUSE CVE CVE-2024-26989 page https://www.suse.com/security/cve/CVE-2024-26994/ SUSE CVE CVE-2024-26994 page https://www.suse.com/security/cve/CVE-2024-26995/ SUSE CVE CVE-2024-26995 page https://www.suse.com/security/cve/CVE-2024-26996/ SUSE CVE CVE-2024-26996 page https://www.suse.com/security/cve/CVE-2024-26997/ SUSE CVE CVE-2024-26997 page https://www.suse.com/security/cve/CVE-2024-26999/ SUSE CVE CVE-2024-26999 page https://www.suse.com/security/cve/CVE-2024-27000/ SUSE CVE CVE-2024-27000 page https://www.suse.com/security/cve/CVE-2024-27001/ SUSE CVE CVE-2024-27001 page https://www.suse.com/security/cve/CVE-2024-27002/ SUSE CVE CVE-2024-27002 page https://www.suse.com/security/cve/CVE-2024-27003/ SUSE CVE CVE-2024-27003 page https://www.suse.com/security/cve/CVE-2024-27004/ SUSE CVE CVE-2024-27004 page https://www.suse.com/security/cve/CVE-2024-27008/ SUSE CVE CVE-2024-27008 page https://www.suse.com/security/cve/CVE-2024-27027/ SUSE CVE CVE-2024-27027 page https://www.suse.com/security/cve/CVE-2024-27028/ SUSE CVE CVE-2024-27028 page https://www.suse.com/security/cve/CVE-2024-27029/ SUSE CVE CVE-2024-27029 page https://www.suse.com/security/cve/CVE-2024-27030/ SUSE CVE CVE-2024-27030 page https://www.suse.com/security/cve/CVE-2024-27031/ SUSE CVE CVE-2024-27031 page https://www.suse.com/security/cve/CVE-2024-27046/ SUSE CVE CVE-2024-27046 page https://www.suse.com/security/cve/CVE-2024-27057/ SUSE CVE CVE-2024-27057 page https://www.suse.com/security/cve/CVE-2024-27062/ SUSE CVE CVE-2024-27062 page https://www.suse.com/security/cve/CVE-2024-27067/ SUSE CVE CVE-2024-27067 page https://www.suse.com/security/cve/CVE-2024-27080/ SUSE CVE CVE-2024-27080 page https://www.suse.com/security/cve/CVE-2024-27388/ SUSE CVE CVE-2024-27388 page https://www.suse.com/security/cve/CVE-2024-27389/ SUSE CVE CVE-2024-27389 page https://www.suse.com/security/cve/CVE-2024-27397/ SUSE CVE CVE-2024-27397 page https://www.suse.com/security/cve/CVE-2024-27398/ SUSE CVE CVE-2024-27398 page https://www.suse.com/security/cve/CVE-2024-27399/ SUSE CVE CVE-2024-27399 page https://www.suse.com/security/cve/CVE-2024-27400/ SUSE CVE CVE-2024-27400 page https://www.suse.com/security/cve/CVE-2024-27405/ SUSE CVE CVE-2024-27405 page https://www.suse.com/security/cve/CVE-2024-27410/ SUSE CVE CVE-2024-27410 page https://www.suse.com/security/cve/CVE-2024-27411/ SUSE CVE CVE-2024-27411 page https://www.suse.com/security/cve/CVE-2024-27412/ SUSE CVE CVE-2024-27412 page https://www.suse.com/security/cve/CVE-2024-27413/ SUSE CVE CVE-2024-27413 page https://www.suse.com/security/cve/CVE-2024-27416/ SUSE CVE CVE-2024-27416 page https://www.suse.com/security/cve/CVE-2024-27432/ SUSE CVE CVE-2024-27432 page https://www.suse.com/security/cve/CVE-2024-27434/ SUSE CVE CVE-2024-27434 page https://www.suse.com/security/cve/CVE-2024-27435/ SUSE CVE CVE-2024-27435 page https://www.suse.com/security/cve/CVE-2024-27436/ SUSE CVE CVE-2024-27436 page https://www.suse.com/security/cve/CVE-2024-35784/ SUSE CVE CVE-2024-35784 page https://www.suse.com/security/cve/CVE-2024-35786/ SUSE CVE CVE-2024-35786 page https://www.suse.com/security/cve/CVE-2024-35788/ SUSE CVE CVE-2024-35788 page https://www.suse.com/security/cve/CVE-2024-35789/ SUSE CVE CVE-2024-35789 page https://www.suse.com/security/cve/CVE-2024-35790/ SUSE CVE CVE-2024-35790 page https://www.suse.com/security/cve/CVE-2024-35794/ SUSE CVE CVE-2024-35794 page https://www.suse.com/security/cve/CVE-2024-35795/ SUSE CVE CVE-2024-35795 page https://www.suse.com/security/cve/CVE-2024-35796/ SUSE CVE CVE-2024-35796 page https://www.suse.com/security/cve/CVE-2024-35799/ SUSE CVE CVE-2024-35799 page https://www.suse.com/security/cve/CVE-2024-35800/ SUSE CVE CVE-2024-35800 page https://www.suse.com/security/cve/CVE-2024-35801/ SUSE CVE CVE-2024-35801 page https://www.suse.com/security/cve/CVE-2024-35806/ SUSE CVE CVE-2024-35806 page https://www.suse.com/security/cve/CVE-2024-35808/ SUSE CVE CVE-2024-35808 page https://www.suse.com/security/cve/CVE-2024-35809/ SUSE CVE CVE-2024-35809 page https://www.suse.com/security/cve/CVE-2024-35810/ SUSE CVE CVE-2024-35810 page https://www.suse.com/security/cve/CVE-2024-35811/ SUSE CVE CVE-2024-35811 page https://www.suse.com/security/cve/CVE-2024-35812/ SUSE CVE CVE-2024-35812 page https://www.suse.com/security/cve/CVE-2024-35813/ SUSE CVE CVE-2024-35813 page https://www.suse.com/security/cve/CVE-2024-35815/ SUSE CVE CVE-2024-35815 page https://www.suse.com/security/cve/CVE-2024-35817/ SUSE CVE CVE-2024-35817 page https://www.suse.com/security/cve/CVE-2024-35819/ SUSE CVE CVE-2024-35819 page https://www.suse.com/security/cve/CVE-2024-35821/ SUSE CVE CVE-2024-35821 page https://www.suse.com/security/cve/CVE-2024-35822/ SUSE CVE CVE-2024-35822 page https://www.suse.com/security/cve/CVE-2024-35823/ SUSE CVE CVE-2024-35823 page https://www.suse.com/security/cve/CVE-2024-35824/ SUSE CVE CVE-2024-35824 page https://www.suse.com/security/cve/CVE-2024-35825/ SUSE CVE CVE-2024-35825 page https://www.suse.com/security/cve/CVE-2024-35828/ SUSE CVE CVE-2024-35828 page https://www.suse.com/security/cve/CVE-2024-35829/ SUSE CVE CVE-2024-35829 page https://www.suse.com/security/cve/CVE-2024-35830/ SUSE CVE CVE-2024-35830 page https://www.suse.com/security/cve/CVE-2024-35833/ SUSE CVE CVE-2024-35833 page https://www.suse.com/security/cve/CVE-2024-35834/ SUSE CVE CVE-2024-35834 page https://www.suse.com/security/cve/CVE-2024-35835/ SUSE CVE CVE-2024-35835 page https://www.suse.com/security/cve/CVE-2024-35836/ SUSE CVE CVE-2024-35836 page https://www.suse.com/security/cve/CVE-2024-35837/ SUSE CVE CVE-2024-35837 page https://www.suse.com/security/cve/CVE-2024-35838/ SUSE CVE CVE-2024-35838 page https://www.suse.com/security/cve/CVE-2024-35839/ SUSE CVE CVE-2024-35839 page https://www.suse.com/security/cve/CVE-2024-35841/ SUSE CVE CVE-2024-35841 page https://www.suse.com/security/cve/CVE-2024-35842/ SUSE CVE CVE-2024-35842 page https://www.suse.com/security/cve/CVE-2024-35845/ SUSE CVE CVE-2024-35845 page https://www.suse.com/security/cve/CVE-2024-35847/ SUSE CVE CVE-2024-35847 page https://www.suse.com/security/cve/CVE-2024-35849/ SUSE CVE CVE-2024-35849 page https://www.suse.com/security/cve/CVE-2024-35850/ SUSE CVE CVE-2024-35850 page https://www.suse.com/security/cve/CVE-2024-35851/ SUSE CVE CVE-2024-35851 page https://www.suse.com/security/cve/CVE-2024-35875/ SUSE CVE CVE-2024-35875 page https://www.suse.com/security/cve/CVE-2024-35878/ SUSE CVE CVE-2024-35878 page https://www.suse.com/security/cve/CVE-2024-35879/ SUSE CVE CVE-2024-35879 page https://www.suse.com/security/cve/CVE-2024-35883/ SUSE CVE CVE-2024-35883 page https://www.suse.com/security/cve/CVE-2024-35885/ SUSE CVE CVE-2024-35885 page https://www.suse.com/security/cve/CVE-2024-35887/ SUSE CVE CVE-2024-35887 page https://www.suse.com/security/cve/CVE-2024-35889/ SUSE CVE CVE-2024-35889 page https://www.suse.com/security/cve/CVE-2024-35891/ SUSE CVE CVE-2024-35891 page https://www.suse.com/security/cve/CVE-2024-35901/ SUSE CVE CVE-2024-35901 page https://www.suse.com/security/cve/CVE-2024-35904/ SUSE CVE CVE-2024-35904 page https://www.suse.com/security/cve/CVE-2024-35907/ SUSE CVE CVE-2024-35907 page https://www.suse.com/security/cve/CVE-2024-35909/ SUSE CVE CVE-2024-35909 page https://www.suse.com/security/cve/CVE-2024-35911/ SUSE CVE CVE-2024-35911 page https://www.suse.com/security/cve/CVE-2024-35912/ SUSE CVE CVE-2024-35912 page https://www.suse.com/security/cve/CVE-2024-35914/ SUSE CVE CVE-2024-35914 page https://www.suse.com/security/cve/CVE-2024-35915/ SUSE CVE CVE-2024-35915 page https://www.suse.com/security/cve/CVE-2024-35916/ SUSE CVE CVE-2024-35916 page https://www.suse.com/security/cve/CVE-2024-35922/ SUSE CVE CVE-2024-35922 page https://www.suse.com/security/cve/CVE-2024-35924/ SUSE CVE CVE-2024-35924 page https://www.suse.com/security/cve/CVE-2024-35927/ SUSE CVE CVE-2024-35927 page https://www.suse.com/security/cve/CVE-2024-35928/ SUSE CVE CVE-2024-35928 page https://www.suse.com/security/cve/CVE-2024-35930/ SUSE CVE CVE-2024-35930 page https://www.suse.com/security/cve/CVE-2024-35932/ SUSE CVE CVE-2024-35932 page https://www.suse.com/security/cve/CVE-2024-35933/ SUSE CVE CVE-2024-35933 page https://www.suse.com/security/cve/CVE-2024-35936/ SUSE CVE CVE-2024-35936 page https://www.suse.com/security/cve/CVE-2024-35937/ SUSE CVE CVE-2024-35937 page https://www.suse.com/security/cve/CVE-2024-35938/ SUSE CVE CVE-2024-35938 page https://www.suse.com/security/cve/CVE-2024-35940/ SUSE CVE CVE-2024-35940 page https://www.suse.com/security/cve/CVE-2024-35945/ SUSE CVE CVE-2024-35945 page https://www.suse.com/security/cve/CVE-2024-35946/ SUSE CVE CVE-2024-35946 page https://www.suse.com/security/cve/CVE-2024-35947/ SUSE CVE CVE-2024-35947 page https://www.suse.com/security/cve/CVE-2024-35950/ SUSE CVE CVE-2024-35950 page https://www.suse.com/security/cve/CVE-2024-35951/ SUSE CVE CVE-2024-35951 page https://www.suse.com/security/cve/CVE-2024-35952/ SUSE CVE CVE-2024-35952 page https://www.suse.com/security/cve/CVE-2024-35953/ SUSE CVE CVE-2024-35953 page https://www.suse.com/security/cve/CVE-2024-35954/ SUSE CVE CVE-2024-35954 page https://www.suse.com/security/cve/CVE-2024-35955/ SUSE CVE CVE-2024-35955 page https://www.suse.com/security/cve/CVE-2024-35958/ SUSE CVE CVE-2024-35958 page https://www.suse.com/security/cve/CVE-2024-35959/ SUSE CVE CVE-2024-35959 page https://www.suse.com/security/cve/CVE-2024-35960/ SUSE CVE CVE-2024-35960 page https://www.suse.com/security/cve/CVE-2024-35961/ SUSE CVE CVE-2024-35961 page https://www.suse.com/security/cve/CVE-2024-35963/ SUSE CVE CVE-2024-35963 page https://www.suse.com/security/cve/CVE-2024-35965/ SUSE CVE CVE-2024-35965 page https://www.suse.com/security/cve/CVE-2024-35966/ SUSE CVE CVE-2024-35966 page https://www.suse.com/security/cve/CVE-2024-35967/ SUSE CVE CVE-2024-35967 page https://www.suse.com/security/cve/CVE-2024-35971/ SUSE CVE CVE-2024-35971 page https://www.suse.com/security/cve/CVE-2024-35972/ SUSE CVE CVE-2024-35972 page https://www.suse.com/security/cve/CVE-2024-35973/ SUSE CVE CVE-2024-35973 page https://www.suse.com/security/cve/CVE-2024-35974/ SUSE CVE CVE-2024-35974 page https://www.suse.com/security/cve/CVE-2024-35975/ SUSE CVE CVE-2024-35975 page https://www.suse.com/security/cve/CVE-2024-35977/ SUSE CVE CVE-2024-35977 page https://www.suse.com/security/cve/CVE-2024-35978/ SUSE CVE CVE-2024-35978 page https://www.suse.com/security/cve/CVE-2024-35982/ SUSE CVE CVE-2024-35982 page https://www.suse.com/security/cve/CVE-2024-35984/ SUSE CVE CVE-2024-35984 page https://www.suse.com/security/cve/CVE-2024-35986/ SUSE CVE CVE-2024-35986 page https://www.suse.com/security/cve/CVE-2024-35989/ SUSE CVE CVE-2024-35989 page https://www.suse.com/security/cve/CVE-2024-35990/ SUSE CVE CVE-2024-35990 page https://www.suse.com/security/cve/CVE-2024-35992/ SUSE CVE CVE-2024-35992 page https://www.suse.com/security/cve/CVE-2024-35995/ SUSE CVE CVE-2024-35995 page https://www.suse.com/security/cve/CVE-2024-35997/ SUSE CVE CVE-2024-35997 page https://www.suse.com/security/cve/CVE-2024-36002/ SUSE CVE CVE-2024-36002 page https://www.suse.com/security/cve/CVE-2024-36009/ SUSE CVE CVE-2024-36009 page https://www.suse.com/security/cve/CVE-2024-36011/ SUSE CVE CVE-2024-36011 page https://www.suse.com/security/cve/CVE-2024-36012/ SUSE CVE CVE-2024-36012 page https://www.suse.com/security/cve/CVE-2024-36014/ SUSE CVE CVE-2024-36014 page https://www.suse.com/security/cve/CVE-2024-36018/ SUSE CVE CVE-2024-36018 page https://www.suse.com/security/cve/CVE-2024-36019/ SUSE CVE CVE-2024-36019 page https://www.suse.com/security/cve/CVE-2024-36020/ SUSE CVE CVE-2024-36020 page https://www.suse.com/security/cve/CVE-2024-36021/ SUSE CVE CVE-2024-36021 page https://www.suse.com/security/cve/CVE-2024-36025/ SUSE CVE CVE-2024-36025 page https://www.suse.com/security/cve/CVE-2024-36026/ SUSE CVE CVE-2024-36026 page https://www.suse.com/security/cve/CVE-2024-36029/ SUSE CVE CVE-2024-36029 page https://www.suse.com/security/cve/CVE-2024-36032/ SUSE CVE CVE-2024-36032 page https://www.suse.com/security/cve/CVE-2024-36476/ SUSE CVE CVE-2024-36476 page https://www.suse.com/security/cve/CVE-2024-36880/ SUSE CVE CVE-2024-36880 page https://www.suse.com/security/cve/CVE-2024-36885/ SUSE CVE CVE-2024-36885 page https://www.suse.com/security/cve/CVE-2024-36891/ SUSE CVE CVE-2024-36891 page https://www.suse.com/security/cve/CVE-2024-36893/ SUSE CVE CVE-2024-36893 page https://www.suse.com/security/cve/CVE-2024-36894/ SUSE CVE CVE-2024-36894 page https://www.suse.com/security/cve/CVE-2024-36895/ SUSE CVE CVE-2024-36895 page https://www.suse.com/security/cve/CVE-2024-36896/ SUSE CVE CVE-2024-36896 page https://www.suse.com/security/cve/CVE-2024-36897/ SUSE CVE CVE-2024-36897 page https://www.suse.com/security/cve/CVE-2024-36898/ SUSE CVE CVE-2024-36898 page https://www.suse.com/security/cve/CVE-2024-36906/ SUSE CVE CVE-2024-36906 page https://www.suse.com/security/cve/CVE-2024-36908/ SUSE CVE CVE-2024-36908 page https://www.suse.com/security/cve/CVE-2024-36921/ SUSE CVE CVE-2024-36921 page https://www.suse.com/security/cve/CVE-2024-36922/ SUSE CVE CVE-2024-36922 page https://www.suse.com/security/cve/CVE-2024-36928/ SUSE CVE CVE-2024-36928 page https://www.suse.com/security/cve/CVE-2024-36930/ SUSE CVE CVE-2024-36930 page https://www.suse.com/security/cve/CVE-2024-36931/ SUSE CVE CVE-2024-36931 page https://www.suse.com/security/cve/CVE-2024-36940/ SUSE CVE CVE-2024-36940 page https://www.suse.com/security/cve/CVE-2024-36941/ SUSE CVE CVE-2024-36941 page https://www.suse.com/security/cve/CVE-2024-36942/ SUSE CVE CVE-2024-36942 page https://www.suse.com/security/cve/CVE-2024-36944/ SUSE CVE CVE-2024-36944 page https://www.suse.com/security/cve/CVE-2024-36949/ SUSE CVE CVE-2024-36949 page https://www.suse.com/security/cve/CVE-2024-36950/ SUSE CVE CVE-2024-36950 page https://www.suse.com/security/cve/CVE-2024-36951/ SUSE CVE CVE-2024-36951 page https://www.suse.com/security/cve/CVE-2024-36955/ SUSE CVE CVE-2024-36955 page https://www.suse.com/security/cve/CVE-2024-36959/ SUSE CVE CVE-2024-36959 page https://www.suse.com/security/cve/CVE-2024-39282/ SUSE CVE CVE-2024-39282 page https://www.suse.com/security/cve/CVE-2024-39480/ SUSE CVE CVE-2024-39480 page https://www.suse.com/security/cve/CVE-2024-41042/ SUSE CVE CVE-2024-41042 page https://www.suse.com/security/cve/CVE-2024-43913/ SUSE CVE CVE-2024-43913 page https://www.suse.com/security/cve/CVE-2024-44934/ SUSE CVE CVE-2024-44934 page https://www.suse.com/security/cve/CVE-2024-44996/ SUSE CVE CVE-2024-44996 page https://www.suse.com/security/cve/CVE-2024-45828/ SUSE CVE CVE-2024-45828 page https://www.suse.com/security/cve/CVE-2024-46896/ SUSE CVE CVE-2024-46896 page https://www.suse.com/security/cve/CVE-2024-47141/ SUSE CVE CVE-2024-47141 page https://www.suse.com/security/cve/CVE-2024-47143/ SUSE CVE CVE-2024-47143 page https://www.suse.com/security/cve/CVE-2024-47678/ SUSE CVE CVE-2024-47678 page https://www.suse.com/security/cve/CVE-2024-47809/ SUSE CVE CVE-2024-47809 page https://www.suse.com/security/cve/CVE-2024-48873/ SUSE CVE CVE-2024-48873 page https://www.suse.com/security/cve/CVE-2024-48881/ SUSE CVE CVE-2024-48881 page https://www.suse.com/security/cve/CVE-2024-49569/ SUSE CVE CVE-2024-49569 page https://www.suse.com/security/cve/CVE-2024-49854/ SUSE CVE CVE-2024-49854 page https://www.suse.com/security/cve/CVE-2024-49884/ SUSE CVE CVE-2024-49884 page https://www.suse.com/security/cve/CVE-2024-49915/ SUSE CVE CVE-2024-49915 page https://www.suse.com/security/cve/CVE-2024-49948/ SUSE CVE CVE-2024-49948 page https://www.suse.com/security/cve/CVE-2024-49951/ SUSE CVE CVE-2024-49951 page https://www.suse.com/security/cve/CVE-2024-49978/ SUSE CVE CVE-2024-49978 page https://www.suse.com/security/cve/CVE-2024-49998/ SUSE CVE CVE-2024-49998 page https://www.suse.com/security/cve/CVE-2024-50016/ SUSE CVE CVE-2024-50016 page https://www.suse.com/security/cve/CVE-2024-50018/ SUSE CVE CVE-2024-50018 page https://www.suse.com/security/cve/CVE-2024-50039/ SUSE CVE CVE-2024-50039 page https://www.suse.com/security/cve/CVE-2024-50047/ SUSE CVE CVE-2024-50047 page https://www.suse.com/security/cve/CVE-2024-50051/ SUSE CVE CVE-2024-50051 page https://www.suse.com/security/cve/CVE-2024-50106/ SUSE CVE CVE-2024-50106 page https://www.suse.com/security/cve/CVE-2024-50143/ SUSE CVE CVE-2024-50143 page https://www.suse.com/security/cve/CVE-2024-50151/ SUSE CVE CVE-2024-50151 page https://www.suse.com/security/cve/CVE-2024-50154/ SUSE CVE CVE-2024-50154 page https://www.suse.com/security/cve/CVE-2024-50199/ SUSE CVE CVE-2024-50199 page https://www.suse.com/security/cve/CVE-2024-50202/ SUSE CVE CVE-2024-50202 page https://www.suse.com/security/cve/CVE-2024-50203/ SUSE CVE CVE-2024-50203 page https://www.suse.com/security/cve/CVE-2024-50211/ SUSE CVE CVE-2024-50211 page https://www.suse.com/security/cve/CVE-2024-50228/ SUSE CVE CVE-2024-50228 page https://www.suse.com/security/cve/CVE-2024-50256/ SUSE CVE CVE-2024-50256 page https://www.suse.com/security/cve/CVE-2024-50262/ SUSE CVE CVE-2024-50262 page https://www.suse.com/security/cve/CVE-2024-50272/ SUSE CVE CVE-2024-50272 page https://www.suse.com/security/cve/CVE-2024-50278/ SUSE CVE CVE-2024-50278 page https://www.suse.com/security/cve/CVE-2024-50280/ SUSE CVE CVE-2024-50280 page https://www.suse.com/security/cve/CVE-2024-50299/ SUSE CVE CVE-2024-50299 page https://www.suse.com/security/cve/CVE-2024-52332/ SUSE CVE CVE-2024-52332 page https://www.suse.com/security/cve/CVE-2024-53050/ SUSE CVE CVE-2024-53050 page https://www.suse.com/security/cve/CVE-2024-53064/ SUSE CVE CVE-2024-53064 page https://www.suse.com/security/cve/CVE-2024-53090/ SUSE CVE CVE-2024-53090 page https://www.suse.com/security/cve/CVE-2024-53091/ SUSE CVE CVE-2024-53091 page https://www.suse.com/security/cve/CVE-2024-53095/ SUSE CVE CVE-2024-53095 page https://www.suse.com/security/cve/CVE-2024-53099/ SUSE CVE CVE-2024-53099 page https://www.suse.com/security/cve/CVE-2024-53103/ SUSE CVE CVE-2024-53103 page https://www.suse.com/security/cve/CVE-2024-53105/ SUSE CVE CVE-2024-53105 page https://www.suse.com/security/cve/CVE-2024-53111/ SUSE CVE CVE-2024-53111 page https://www.suse.com/security/cve/CVE-2024-53113/ SUSE CVE CVE-2024-53113 page https://www.suse.com/security/cve/CVE-2024-53117/ SUSE CVE CVE-2024-53117 page https://www.suse.com/security/cve/CVE-2024-53118/ SUSE CVE CVE-2024-53118 page https://www.suse.com/security/cve/CVE-2024-53119/ SUSE CVE CVE-2024-53119 page https://www.suse.com/security/cve/CVE-2024-53120/ SUSE CVE CVE-2024-53120 page https://www.suse.com/security/cve/CVE-2024-53122/ SUSE CVE CVE-2024-53122 page https://www.suse.com/security/cve/CVE-2024-53125/ SUSE CVE CVE-2024-53125 page https://www.suse.com/security/cve/CVE-2024-53126/ SUSE CVE CVE-2024-53126 page https://www.suse.com/security/cve/CVE-2024-53127/ SUSE CVE CVE-2024-53127 page https://www.suse.com/security/cve/CVE-2024-53129/ SUSE CVE CVE-2024-53129 page https://www.suse.com/security/cve/CVE-2024-53130/ SUSE CVE CVE-2024-53130 page https://www.suse.com/security/cve/CVE-2024-53131/ SUSE CVE CVE-2024-53131 page https://www.suse.com/security/cve/CVE-2024-53133/ SUSE CVE CVE-2024-53133 page https://www.suse.com/security/cve/CVE-2024-53134/ SUSE CVE CVE-2024-53134 page https://www.suse.com/security/cve/CVE-2024-53136/ SUSE CVE CVE-2024-53136 page https://www.suse.com/security/cve/CVE-2024-53141/ SUSE CVE CVE-2024-53141 page https://www.suse.com/security/cve/CVE-2024-53142/ SUSE CVE CVE-2024-53142 page https://www.suse.com/security/cve/CVE-2024-53144/ SUSE CVE CVE-2024-53144 page https://www.suse.com/security/cve/CVE-2024-53146/ SUSE CVE CVE-2024-53146 page https://www.suse.com/security/cve/CVE-2024-53148/ SUSE CVE CVE-2024-53148 page https://www.suse.com/security/cve/CVE-2024-53150/ SUSE CVE CVE-2024-53150 page https://www.suse.com/security/cve/CVE-2024-53151/ SUSE CVE CVE-2024-53151 page https://www.suse.com/security/cve/CVE-2024-53154/ SUSE CVE CVE-2024-53154 page https://www.suse.com/security/cve/CVE-2024-53155/ SUSE CVE CVE-2024-53155 page https://www.suse.com/security/cve/CVE-2024-53156/ SUSE CVE CVE-2024-53156 page https://www.suse.com/security/cve/CVE-2024-53157/ SUSE CVE CVE-2024-53157 page https://www.suse.com/security/cve/CVE-2024-53158/ SUSE CVE CVE-2024-53158 page https://www.suse.com/security/cve/CVE-2024-53159/ SUSE CVE CVE-2024-53159 page https://www.suse.com/security/cve/CVE-2024-53160/ SUSE CVE CVE-2024-53160 page https://www.suse.com/security/cve/CVE-2024-53161/ SUSE CVE CVE-2024-53161 page https://www.suse.com/security/cve/CVE-2024-53162/ SUSE CVE CVE-2024-53162 page https://www.suse.com/security/cve/CVE-2024-53164/ SUSE CVE CVE-2024-53164 page https://www.suse.com/security/cve/CVE-2024-53166/ SUSE CVE CVE-2024-53166 page https://www.suse.com/security/cve/CVE-2024-53168/ SUSE CVE CVE-2024-53168 page https://www.suse.com/security/cve/CVE-2024-53169/ SUSE CVE CVE-2024-53169 page https://www.suse.com/security/cve/CVE-2024-53170/ SUSE CVE CVE-2024-53170 page https://www.suse.com/security/cve/CVE-2024-53171/ SUSE CVE CVE-2024-53171 page https://www.suse.com/security/cve/CVE-2024-53172/ SUSE CVE CVE-2024-53172 page https://www.suse.com/security/cve/CVE-2024-53173/ SUSE CVE CVE-2024-53173 page https://www.suse.com/security/cve/CVE-2024-53174/ SUSE CVE CVE-2024-53174 page https://www.suse.com/security/cve/CVE-2024-53175/ SUSE CVE CVE-2024-53175 page https://www.suse.com/security/cve/CVE-2024-53179/ SUSE CVE CVE-2024-53179 page https://www.suse.com/security/cve/CVE-2024-53180/ SUSE CVE CVE-2024-53180 page https://www.suse.com/security/cve/CVE-2024-53185/ SUSE CVE CVE-2024-53185 page https://www.suse.com/security/cve/CVE-2024-53187/ SUSE CVE CVE-2024-53187 page https://www.suse.com/security/cve/CVE-2024-53188/ SUSE CVE CVE-2024-53188 page https://www.suse.com/security/cve/CVE-2024-53190/ SUSE CVE CVE-2024-53190 page https://www.suse.com/security/cve/CVE-2024-53191/ SUSE CVE CVE-2024-53191 page https://www.suse.com/security/cve/CVE-2024-53194/ SUSE CVE CVE-2024-53194 page https://www.suse.com/security/cve/CVE-2024-53195/ SUSE CVE CVE-2024-53195 page https://www.suse.com/security/cve/CVE-2024-53196/ SUSE CVE CVE-2024-53196 page https://www.suse.com/security/cve/CVE-2024-53197/ SUSE CVE CVE-2024-53197 page https://www.suse.com/security/cve/CVE-2024-53198/ SUSE CVE CVE-2024-53198 page https://www.suse.com/security/cve/CVE-2024-53200/ SUSE CVE CVE-2024-53200 page https://www.suse.com/security/cve/CVE-2024-53201/ SUSE CVE CVE-2024-53201 page https://www.suse.com/security/cve/CVE-2024-53202/ SUSE CVE CVE-2024-53202 page https://www.suse.com/security/cve/CVE-2024-53203/ SUSE CVE CVE-2024-53203 page https://www.suse.com/security/cve/CVE-2024-53206/ SUSE CVE CVE-2024-53206 page https://www.suse.com/security/cve/CVE-2024-53207/ SUSE CVE CVE-2024-53207 page https://www.suse.com/security/cve/CVE-2024-53208/ SUSE CVE CVE-2024-53208 page https://www.suse.com/security/cve/CVE-2024-53209/ SUSE CVE CVE-2024-53209 page https://www.suse.com/security/cve/CVE-2024-53210/ SUSE CVE CVE-2024-53210 page https://www.suse.com/security/cve/CVE-2024-53213/ SUSE CVE CVE-2024-53213 page https://www.suse.com/security/cve/CVE-2024-53214/ SUSE CVE CVE-2024-53214 page https://www.suse.com/security/cve/CVE-2024-53215/ SUSE CVE CVE-2024-53215 page https://www.suse.com/security/cve/CVE-2024-53216/ SUSE CVE CVE-2024-53216 page https://www.suse.com/security/cve/CVE-2024-53217/ SUSE CVE CVE-2024-53217 page https://www.suse.com/security/cve/CVE-2024-53222/ SUSE CVE CVE-2024-53222 page https://www.suse.com/security/cve/CVE-2024-53224/ SUSE CVE CVE-2024-53224 page https://www.suse.com/security/cve/CVE-2024-53227/ SUSE CVE CVE-2024-53227 page https://www.suse.com/security/cve/CVE-2024-53229/ SUSE CVE CVE-2024-53229 page https://www.suse.com/security/cve/CVE-2024-53230/ SUSE CVE CVE-2024-53230 page https://www.suse.com/security/cve/CVE-2024-53231/ SUSE CVE CVE-2024-53231 page https://www.suse.com/security/cve/CVE-2024-53232/ SUSE CVE CVE-2024-53232 page https://www.suse.com/security/cve/CVE-2024-53233/ SUSE CVE CVE-2024-53233 page https://www.suse.com/security/cve/CVE-2024-53234/ SUSE CVE CVE-2024-53234 page https://www.suse.com/security/cve/CVE-2024-53236/ SUSE CVE CVE-2024-53236 page https://www.suse.com/security/cve/CVE-2024-53237/ SUSE CVE CVE-2024-53237 page https://www.suse.com/security/cve/CVE-2024-53239/ SUSE CVE CVE-2024-53239 page https://www.suse.com/security/cve/CVE-2024-53240/ SUSE CVE CVE-2024-53240 page https://www.suse.com/security/cve/CVE-2024-53241/ SUSE CVE CVE-2024-53241 page https://www.suse.com/security/cve/CVE-2024-53685/ SUSE CVE CVE-2024-53685 page https://www.suse.com/security/cve/CVE-2024-53690/ SUSE CVE CVE-2024-53690 page https://www.suse.com/security/cve/CVE-2024-54680/ SUSE CVE CVE-2024-54680 page https://www.suse.com/security/cve/CVE-2024-55639/ SUSE CVE CVE-2024-55639 page https://www.suse.com/security/cve/CVE-2024-55881/ SUSE CVE CVE-2024-55881 page https://www.suse.com/security/cve/CVE-2024-55916/ SUSE CVE CVE-2024-55916 page https://www.suse.com/security/cve/CVE-2024-56369/ SUSE CVE CVE-2024-56369 page https://www.suse.com/security/cve/CVE-2024-56372/ SUSE CVE CVE-2024-56372 page https://www.suse.com/security/cve/CVE-2024-56531/ SUSE CVE CVE-2024-56531 page https://www.suse.com/security/cve/CVE-2024-56532/ SUSE CVE CVE-2024-56532 page https://www.suse.com/security/cve/CVE-2024-56533/ SUSE CVE CVE-2024-56533 page https://www.suse.com/security/cve/CVE-2024-56536/ SUSE CVE CVE-2024-56536 page https://www.suse.com/security/cve/CVE-2024-56538/ SUSE CVE CVE-2024-56538 page https://www.suse.com/security/cve/CVE-2024-56539/ SUSE CVE CVE-2024-56539 page https://www.suse.com/security/cve/CVE-2024-56543/ SUSE CVE CVE-2024-56543 page https://www.suse.com/security/cve/CVE-2024-56546/ SUSE CVE CVE-2024-56546 page https://www.suse.com/security/cve/CVE-2024-56548/ SUSE CVE CVE-2024-56548 page https://www.suse.com/security/cve/CVE-2024-56549/ SUSE CVE CVE-2024-56549 page https://www.suse.com/security/cve/CVE-2024-56551/ SUSE CVE CVE-2024-56551 page https://www.suse.com/security/cve/CVE-2024-56557/ SUSE CVE CVE-2024-56557 page https://www.suse.com/security/cve/CVE-2024-56558/ SUSE CVE CVE-2024-56558 page https://www.suse.com/security/cve/CVE-2024-56562/ SUSE CVE CVE-2024-56562 page https://www.suse.com/security/cve/CVE-2024-56566/ SUSE CVE CVE-2024-56566 page https://www.suse.com/security/cve/CVE-2024-56567/ SUSE CVE CVE-2024-56567 page https://www.suse.com/security/cve/CVE-2024-56568/ SUSE CVE CVE-2024-56568 page https://www.suse.com/security/cve/CVE-2024-56569/ SUSE CVE CVE-2024-56569 page https://www.suse.com/security/cve/CVE-2024-56570/ SUSE CVE CVE-2024-56570 page https://www.suse.com/security/cve/CVE-2024-56571/ SUSE CVE CVE-2024-56571 page https://www.suse.com/security/cve/CVE-2024-56572/ SUSE CVE CVE-2024-56572 page https://www.suse.com/security/cve/CVE-2024-56573/ SUSE CVE CVE-2024-56573 page https://www.suse.com/security/cve/CVE-2024-56574/ SUSE CVE CVE-2024-56574 page https://www.suse.com/security/cve/CVE-2024-56575/ SUSE CVE CVE-2024-56575 page https://www.suse.com/security/cve/CVE-2024-56576/ SUSE CVE CVE-2024-56576 page https://www.suse.com/security/cve/CVE-2024-56577/ SUSE CVE CVE-2024-56577 page https://www.suse.com/security/cve/CVE-2024-56578/ SUSE CVE CVE-2024-56578 page https://www.suse.com/security/cve/CVE-2024-56582/ SUSE CVE CVE-2024-56582 page https://www.suse.com/security/cve/CVE-2024-56584/ SUSE CVE CVE-2024-56584 page https://www.suse.com/security/cve/CVE-2024-56587/ SUSE CVE CVE-2024-56587 page https://www.suse.com/security/cve/CVE-2024-56588/ SUSE CVE CVE-2024-56588 page https://www.suse.com/security/cve/CVE-2024-56589/ SUSE CVE CVE-2024-56589 page https://www.suse.com/security/cve/CVE-2024-56590/ SUSE CVE CVE-2024-56590 page https://www.suse.com/security/cve/CVE-2024-56593/ SUSE CVE CVE-2024-56593 page https://www.suse.com/security/cve/CVE-2024-56594/ SUSE CVE CVE-2024-56594 page https://www.suse.com/security/cve/CVE-2024-56595/ SUSE CVE CVE-2024-56595 page https://www.suse.com/security/cve/CVE-2024-56596/ SUSE CVE CVE-2024-56596 page https://www.suse.com/security/cve/CVE-2024-56597/ SUSE CVE CVE-2024-56597 page https://www.suse.com/security/cve/CVE-2024-56598/ SUSE CVE CVE-2024-56598 page https://www.suse.com/security/cve/CVE-2024-56599/ SUSE CVE CVE-2024-56599 page https://www.suse.com/security/cve/CVE-2024-5660/ SUSE CVE CVE-2024-5660 page https://www.suse.com/security/cve/CVE-2024-56600/ SUSE CVE CVE-2024-56600 page https://www.suse.com/security/cve/CVE-2024-56601/ SUSE CVE CVE-2024-56601 page https://www.suse.com/security/cve/CVE-2024-56602/ SUSE CVE CVE-2024-56602 page https://www.suse.com/security/cve/CVE-2024-56603/ SUSE CVE CVE-2024-56603 page https://www.suse.com/security/cve/CVE-2024-56604/ SUSE CVE CVE-2024-56604 page https://www.suse.com/security/cve/CVE-2024-56605/ SUSE CVE CVE-2024-56605 page https://www.suse.com/security/cve/CVE-2024-56606/ SUSE CVE CVE-2024-56606 page https://www.suse.com/security/cve/CVE-2024-56607/ SUSE CVE CVE-2024-56607 page https://www.suse.com/security/cve/CVE-2024-56608/ SUSE CVE CVE-2024-56608 page https://www.suse.com/security/cve/CVE-2024-56609/ SUSE CVE CVE-2024-56609 page https://www.suse.com/security/cve/CVE-2024-56610/ SUSE CVE CVE-2024-56610 page https://www.suse.com/security/cve/CVE-2024-56611/ SUSE CVE CVE-2024-56611 page https://www.suse.com/security/cve/CVE-2024-56614/ SUSE CVE CVE-2024-56614 page https://www.suse.com/security/cve/CVE-2024-56615/ SUSE CVE CVE-2024-56615 page https://www.suse.com/security/cve/CVE-2024-56616/ SUSE CVE CVE-2024-56616 page https://www.suse.com/security/cve/CVE-2024-56617/ SUSE CVE CVE-2024-56617 page https://www.suse.com/security/cve/CVE-2024-56619/ SUSE CVE CVE-2024-56619 page https://www.suse.com/security/cve/CVE-2024-56620/ SUSE CVE CVE-2024-56620 page https://www.suse.com/security/cve/CVE-2024-56622/ SUSE CVE CVE-2024-56622 page https://www.suse.com/security/cve/CVE-2024-56623/ SUSE CVE CVE-2024-56623 page https://www.suse.com/security/cve/CVE-2024-56625/ SUSE CVE CVE-2024-56625 page https://www.suse.com/security/cve/CVE-2024-56629/ SUSE CVE CVE-2024-56629 page https://www.suse.com/security/cve/CVE-2024-56630/ SUSE CVE CVE-2024-56630 page https://www.suse.com/security/cve/CVE-2024-56631/ SUSE CVE CVE-2024-56631 page https://www.suse.com/security/cve/CVE-2024-56632/ SUSE CVE CVE-2024-56632 page https://www.suse.com/security/cve/CVE-2024-56634/ SUSE CVE CVE-2024-56634 page https://www.suse.com/security/cve/CVE-2024-56635/ SUSE CVE CVE-2024-56635 page https://www.suse.com/security/cve/CVE-2024-56636/ SUSE CVE CVE-2024-56636 page https://www.suse.com/security/cve/CVE-2024-56637/ SUSE CVE CVE-2024-56637 page https://www.suse.com/security/cve/CVE-2024-56641/ SUSE CVE CVE-2024-56641 page https://www.suse.com/security/cve/CVE-2024-56642/ SUSE CVE CVE-2024-56642 page https://www.suse.com/security/cve/CVE-2024-56643/ SUSE CVE CVE-2024-56643 page https://www.suse.com/security/cve/CVE-2024-56644/ SUSE CVE CVE-2024-56644 page https://www.suse.com/security/cve/CVE-2024-56645/ SUSE CVE CVE-2024-56645 page https://www.suse.com/security/cve/CVE-2024-56648/ SUSE CVE CVE-2024-56648 page https://www.suse.com/security/cve/CVE-2024-56649/ SUSE CVE CVE-2024-56649 page https://www.suse.com/security/cve/CVE-2024-56650/ SUSE CVE CVE-2024-56650 page https://www.suse.com/security/cve/CVE-2024-56651/ SUSE CVE CVE-2024-56651 page https://www.suse.com/security/cve/CVE-2024-56654/ SUSE CVE CVE-2024-56654 page https://www.suse.com/security/cve/CVE-2024-56656/ SUSE CVE CVE-2024-56656 page https://www.suse.com/security/cve/CVE-2024-56659/ SUSE CVE CVE-2024-56659 page https://www.suse.com/security/cve/CVE-2024-56660/ SUSE CVE CVE-2024-56660 page https://www.suse.com/security/cve/CVE-2024-56661/ SUSE CVE CVE-2024-56661 page https://www.suse.com/security/cve/CVE-2024-56662/ SUSE CVE CVE-2024-56662 page https://www.suse.com/security/cve/CVE-2024-56663/ SUSE CVE CVE-2024-56663 page https://www.suse.com/security/cve/CVE-2024-56664/ SUSE CVE CVE-2024-56664 page https://www.suse.com/security/cve/CVE-2024-56665/ SUSE CVE CVE-2024-56665 page https://www.suse.com/security/cve/CVE-2024-56667/ SUSE CVE CVE-2024-56667 page https://www.suse.com/security/cve/CVE-2024-56670/ SUSE CVE CVE-2024-56670 page https://www.suse.com/security/cve/CVE-2024-56672/ SUSE CVE CVE-2024-56672 page https://www.suse.com/security/cve/CVE-2024-56675/ SUSE CVE CVE-2024-56675 page https://www.suse.com/security/cve/CVE-2024-56677/ SUSE CVE CVE-2024-56677 page https://www.suse.com/security/cve/CVE-2024-56678/ SUSE CVE CVE-2024-56678 page https://www.suse.com/security/cve/CVE-2024-56679/ SUSE CVE CVE-2024-56679 page https://www.suse.com/security/cve/CVE-2024-56681/ SUSE CVE CVE-2024-56681 page https://www.suse.com/security/cve/CVE-2024-56683/ SUSE CVE CVE-2024-56683 page https://www.suse.com/security/cve/CVE-2024-56687/ SUSE CVE CVE-2024-56687 page https://www.suse.com/security/cve/CVE-2024-56688/ SUSE CVE CVE-2024-56688 page https://www.suse.com/security/cve/CVE-2024-56690/ SUSE CVE CVE-2024-56690 page https://www.suse.com/security/cve/CVE-2024-56691/ SUSE CVE CVE-2024-56691 page https://www.suse.com/security/cve/CVE-2024-56693/ SUSE CVE CVE-2024-56693 page https://www.suse.com/security/cve/CVE-2024-56694/ SUSE CVE CVE-2024-56694 page https://www.suse.com/security/cve/CVE-2024-56698/ SUSE CVE CVE-2024-56698 page https://www.suse.com/security/cve/CVE-2024-56700/ SUSE CVE CVE-2024-56700 page https://www.suse.com/security/cve/CVE-2024-56701/ SUSE CVE CVE-2024-56701 page https://www.suse.com/security/cve/CVE-2024-56704/ SUSE CVE CVE-2024-56704 page https://www.suse.com/security/cve/CVE-2024-56705/ SUSE CVE CVE-2024-56705 page https://www.suse.com/security/cve/CVE-2024-56707/ SUSE CVE CVE-2024-56707 page https://www.suse.com/security/cve/CVE-2024-56708/ SUSE CVE CVE-2024-56708 page https://www.suse.com/security/cve/CVE-2024-56709/ SUSE CVE CVE-2024-56709 page https://www.suse.com/security/cve/CVE-2024-56712/ SUSE CVE CVE-2024-56712 page https://www.suse.com/security/cve/CVE-2024-56715/ SUSE CVE CVE-2024-56715 page https://www.suse.com/security/cve/CVE-2024-56716/ SUSE CVE CVE-2024-56716 page https://www.suse.com/security/cve/CVE-2024-56722/ SUSE CVE CVE-2024-56722 page https://www.suse.com/security/cve/CVE-2024-56723/ SUSE CVE CVE-2024-56723 page https://www.suse.com/security/cve/CVE-2024-56724/ SUSE CVE CVE-2024-56724 page https://www.suse.com/security/cve/CVE-2024-56725/ SUSE CVE CVE-2024-56725 page https://www.suse.com/security/cve/CVE-2024-56726/ SUSE CVE CVE-2024-56726 page https://www.suse.com/security/cve/CVE-2024-56727/ SUSE CVE CVE-2024-56727 page https://www.suse.com/security/cve/CVE-2024-56728/ SUSE CVE CVE-2024-56728 page https://www.suse.com/security/cve/CVE-2024-56729/ SUSE CVE CVE-2024-56729 page https://www.suse.com/security/cve/CVE-2024-56739/ SUSE CVE CVE-2024-56739 page https://www.suse.com/security/cve/CVE-2024-56741/ SUSE CVE CVE-2024-56741 page https://www.suse.com/security/cve/CVE-2024-56745/ SUSE CVE CVE-2024-56745 page https://www.suse.com/security/cve/CVE-2024-56746/ SUSE CVE CVE-2024-56746 page https://www.suse.com/security/cve/CVE-2024-56747/ SUSE CVE CVE-2024-56747 page https://www.suse.com/security/cve/CVE-2024-56748/ SUSE CVE CVE-2024-56748 page https://www.suse.com/security/cve/CVE-2024-56752/ SUSE CVE CVE-2024-56752 page https://www.suse.com/security/cve/CVE-2024-56754/ SUSE CVE CVE-2024-56754 page https://www.suse.com/security/cve/CVE-2024-56755/ SUSE CVE CVE-2024-56755 page https://www.suse.com/security/cve/CVE-2024-56756/ SUSE CVE CVE-2024-56756 page https://www.suse.com/security/cve/CVE-2024-56759/ SUSE CVE CVE-2024-56759 page https://www.suse.com/security/cve/CVE-2024-56760/ SUSE CVE CVE-2024-56760 page https://www.suse.com/security/cve/CVE-2024-56763/ SUSE CVE CVE-2024-56763 page https://www.suse.com/security/cve/CVE-2024-56765/ SUSE CVE CVE-2024-56765 page https://www.suse.com/security/cve/CVE-2024-56766/ SUSE CVE CVE-2024-56766 page https://www.suse.com/security/cve/CVE-2024-56767/ SUSE CVE CVE-2024-56767 page https://www.suse.com/security/cve/CVE-2024-56769/ SUSE CVE CVE-2024-56769 page https://www.suse.com/security/cve/CVE-2024-56774/ SUSE CVE CVE-2024-56774 page https://www.suse.com/security/cve/CVE-2024-56775/ SUSE CVE CVE-2024-56775 page https://www.suse.com/security/cve/CVE-2024-56776/ SUSE CVE CVE-2024-56776 page https://www.suse.com/security/cve/CVE-2024-56777/ SUSE CVE CVE-2024-56777 page https://www.suse.com/security/cve/CVE-2024-56778/ SUSE CVE CVE-2024-56778 page https://www.suse.com/security/cve/CVE-2024-56779/ SUSE CVE CVE-2024-56779 page https://www.suse.com/security/cve/CVE-2024-56780/ SUSE CVE CVE-2024-56780 page https://www.suse.com/security/cve/CVE-2024-56787/ SUSE CVE CVE-2024-56787 page https://www.suse.com/security/cve/CVE-2024-57791/ SUSE CVE CVE-2024-57791 page https://www.suse.com/security/cve/CVE-2024-57792/ SUSE CVE CVE-2024-57792 page https://www.suse.com/security/cve/CVE-2024-57793/ SUSE CVE CVE-2024-57793 page https://www.suse.com/security/cve/CVE-2024-57795/ SUSE CVE CVE-2024-57795 page https://www.suse.com/security/cve/CVE-2024-57798/ SUSE CVE CVE-2024-57798 page https://www.suse.com/security/cve/CVE-2024-57801/ SUSE CVE CVE-2024-57801 page https://www.suse.com/security/cve/CVE-2024-57802/ SUSE CVE CVE-2024-57802 page https://www.suse.com/security/cve/CVE-2024-57804/ SUSE CVE CVE-2024-57804 page https://www.suse.com/security/cve/CVE-2024-57809/ SUSE CVE CVE-2024-57809 page https://www.suse.com/security/cve/CVE-2024-57838/ SUSE CVE CVE-2024-57838 page https://www.suse.com/security/cve/CVE-2024-57849/ SUSE CVE CVE-2024-57849 page https://www.suse.com/security/cve/CVE-2024-57850/ SUSE CVE CVE-2024-57850 page https://www.suse.com/security/cve/CVE-2024-57857/ SUSE CVE CVE-2024-57857 page https://www.suse.com/security/cve/CVE-2024-57874/ SUSE CVE CVE-2024-57874 page https://www.suse.com/security/cve/CVE-2024-57876/ SUSE CVE CVE-2024-57876 page https://www.suse.com/security/cve/CVE-2024-57884/ SUSE CVE CVE-2024-57884 page https://www.suse.com/security/cve/CVE-2024-57887/ SUSE CVE CVE-2024-57887 page https://www.suse.com/security/cve/CVE-2024-57888/ SUSE CVE CVE-2024-57888 page https://www.suse.com/security/cve/CVE-2024-57890/ SUSE CVE CVE-2024-57890 page https://www.suse.com/security/cve/CVE-2024-57892/ SUSE CVE CVE-2024-57892 page https://www.suse.com/security/cve/CVE-2024-57893/ SUSE CVE CVE-2024-57893 page https://www.suse.com/security/cve/CVE-2024-57896/ SUSE CVE CVE-2024-57896 page https://www.suse.com/security/cve/CVE-2024-57897/ SUSE CVE CVE-2024-57897 page https://www.suse.com/security/cve/CVE-2024-57899/ SUSE CVE CVE-2024-57899 page https://www.suse.com/security/cve/CVE-2024-57903/ SUSE CVE CVE-2024-57903 page https://www.suse.com/security/cve/CVE-2024-57904/ SUSE CVE CVE-2024-57904 page https://www.suse.com/security/cve/CVE-2024-57906/ SUSE CVE CVE-2024-57906 page https://www.suse.com/security/cve/CVE-2024-57907/ SUSE CVE CVE-2024-57907 page https://www.suse.com/security/cve/CVE-2024-57908/ SUSE CVE CVE-2024-57908 page https://www.suse.com/security/cve/CVE-2024-57910/ SUSE CVE CVE-2024-57910 page https://www.suse.com/security/cve/CVE-2024-57911/ SUSE CVE CVE-2024-57911 page https://www.suse.com/security/cve/CVE-2024-57912/ SUSE CVE CVE-2024-57912 page https://www.suse.com/security/cve/CVE-2024-57913/ SUSE CVE CVE-2024-57913 page https://www.suse.com/security/cve/CVE-2024-57915/ SUSE CVE CVE-2024-57915 page https://www.suse.com/security/cve/CVE-2024-57916/ SUSE CVE CVE-2024-57916 page https://www.suse.com/security/cve/CVE-2024-57917/ SUSE CVE CVE-2024-57917 page https://www.suse.com/security/cve/CVE-2024-57922/ SUSE CVE CVE-2024-57922 page https://www.suse.com/security/cve/CVE-2024-57926/ SUSE CVE CVE-2024-57926 page https://www.suse.com/security/cve/CVE-2024-57929/ SUSE CVE CVE-2024-57929 page https://www.suse.com/security/cve/CVE-2024-57931/ SUSE CVE CVE-2024-57931 page https://www.suse.com/security/cve/CVE-2024-57932/ SUSE CVE CVE-2024-57932 page https://www.suse.com/security/cve/CVE-2024-57933/ SUSE CVE CVE-2024-57933 page https://www.suse.com/security/cve/CVE-2024-57935/ SUSE CVE CVE-2024-57935 page https://www.suse.com/security/cve/CVE-2024-57936/ SUSE CVE CVE-2024-57936 page https://www.suse.com/security/cve/CVE-2024-57938/ SUSE CVE CVE-2024-57938 page https://www.suse.com/security/cve/CVE-2024-57940/ SUSE CVE CVE-2024-57940 page https://www.suse.com/security/cve/CVE-2024-57946/ SUSE CVE CVE-2024-57946 page https://www.suse.com/security/cve/CVE-2024-8805/ SUSE CVE CVE-2024-8805 page https://www.suse.com/security/cve/CVE-2025-21632/ SUSE CVE CVE-2025-21632 page https://www.suse.com/security/cve/CVE-2025-21645/ SUSE CVE CVE-2025-21645 page https://www.suse.com/security/cve/CVE-2025-21646/ SUSE CVE CVE-2025-21646 page https://www.suse.com/security/cve/CVE-2025-21649/ SUSE CVE CVE-2025-21649 page https://www.suse.com/security/cve/CVE-2025-21650/ SUSE CVE CVE-2025-21650 page https://www.suse.com/security/cve/CVE-2025-21651/ SUSE CVE CVE-2025-21651 page https://www.suse.com/security/cve/CVE-2025-21652/ SUSE CVE CVE-2025-21652 page https://www.suse.com/security/cve/CVE-2025-21653/ SUSE CVE CVE-2025-21653 page https://www.suse.com/security/cve/CVE-2025-21655/ SUSE CVE CVE-2025-21655 page https://www.suse.com/security/cve/CVE-2025-21656/ SUSE CVE CVE-2025-21656 page https://www.suse.com/security/cve/CVE-2025-21662/ SUSE CVE CVE-2025-21662 page https://www.suse.com/security/cve/CVE-2025-21663/ SUSE CVE CVE-2025-21663 page https://www.suse.com/security/cve/CVE-2025-21664/ SUSE CVE CVE-2025-21664 page https://www.suse.com/security/cve/CVE-2025-21674/ SUSE CVE CVE-2025-21674 page https://www.suse.com/security/cve/CVE-2025-21676/ SUSE CVE CVE-2025-21676 page https://www.suse.com/security/cve/CVE-2025-21682/ SUSE CVE CVE-2025-21682 page SUSE Linux Micro 6.1 kernel-devel-rt-6.4.0-25.1 kernel-livepatch-6_4_0-25-rt-1-1.1 kernel-rt-6.4.0-25.1 kernel-rt-devel-6.4.0-25.1 kernel-rt-livepatch-6.4.0-25.1 kernel-source-rt-6.4.0-25.1 kernel-devel-rt-6.4.0-25.1 as a component of SUSE Linux Micro 6.1 kernel-livepatch-6_4_0-25-rt-1-1.1 as a component of SUSE Linux Micro 6.1 kernel-rt-6.4.0-25.1 as a component of SUSE Linux Micro 6.1 kernel-rt-devel-6.4.0-25.1 as a component of SUSE Linux Micro 6.1 kernel-rt-livepatch-6.4.0-25.1 as a component of SUSE Linux Micro 6.1 kernel-source-rt-6.4.0-25.1 as a component of SUSE Linux Micro 6.1 The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. CVE-2023-47233 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-47233.html CVE-2023-47233 https://bugzilla.suse.com/1216702 SUSE Bug 1216702 https://bugzilla.suse.com/1224592 SUSE Bug 1224592 In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can call that. However, we never check the permission flags when someone remounts the filesystem as RW. As a result this leads to a crash looking like this: $ mount -o remount,rw /sys/firmware/efi/efivars $ efi-updatevar -f PK.auth PK [ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 303.280482] Mem abort info: [ 303.280854] ESR = 0x0000000086000004 [ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits [ 303.282016] SET = 0, FnV = 0 [ 303.282414] EA = 0, S1PTW = 0 [ 303.282821] FSC = 0x04: level 0 translation fault [ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000 [ 303.284913] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 303.286076] Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP [ 303.286936] Modules linked in: qrtr tpm_tis tpm_tis_core crct10dif_ce arm_smccc_trng rng_core drm fuse ip_tables x_tables ipv6 [ 303.288586] CPU: 1 PID: 755 Comm: efi-updatevar Not tainted 6.3.0-rc1-00108-gc7d0c4695c68 #1 [ 303.289748] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.04-00627-g88336918701d 04/01/2023 [ 303.291150] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 303.292123] pc : 0x0 [ 303.292443] lr : efivar_set_variable_locked+0x74/0xec [ 303.293156] sp : ffff800008673c10 [ 303.293619] x29: ffff800008673c10 x28: ffff0000037e8000 x27: 0000000000000000 [ 303.294592] x26: 0000000000000800 x25: ffff000002467400 x24: 0000000000000027 [ 303.295572] x23: ffffd49ea9832000 x22: ffff0000020c9800 x21: ffff000002467000 [ 303.296566] x20: 0000000000000001 x19: 00000000000007fc x18: 0000000000000000 [ 303.297531] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaac807ab54 [ 303.298495] x14: ed37489f673633c0 x13: 71c45c606de13f80 x12: 47464259e219acf4 [ 303.299453] x11: ffff000002af7b01 x10: 0000000000000003 x9 : 0000000000000002 [ 303.300431] x8 : 0000000000000010 x7 : ffffd49ea8973230 x6 : 0000000000a85201 [ 303.301412] x5 : 0000000000000000 x4 : ffff0000020c9800 x3 : 00000000000007fc [ 303.302370] x2 : 0000000000000027 x1 : ffff000002467400 x0 : ffff000002467000 [ 303.303341] Call trace: [ 303.303679] 0x0 [ 303.303938] efivar_entry_set_get_size+0x98/0x16c [ 303.304585] efivarfs_file_write+0xd0/0x1a4 [ 303.305148] vfs_write+0xc4/0x2e4 [ 303.305601] ksys_write+0x70/0x104 [ 303.306073] __arm64_sys_write+0x1c/0x28 [ 303.306622] invoke_syscall+0x48/0x114 [ 303.307156] el0_svc_common.constprop.0+0x44/0xec [ 303.307803] do_el0_svc+0x38/0x98 [ 303.308268] el0_svc+0x2c/0x84 [ 303.308702] el0t_64_sync_handler+0xf4/0x120 [ 303.309293] el0t_64_sync+0x190/0x194 [ 303.309794] Code: ???????? ???????? ???????? ???????? (????????) [ 303.310612] ---[ end trace 0000000000000000 ]--- Fix this by adding a .reconfigure() function to the fs operations which we can use to check the requested flags and deny anything that's not RO if the firmware doesn't implement SetVariable at runtime. CVE-2023-52463 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52463.html CVE-2023-52463 https://bugzilla.suse.com/1220328 SUSE Bug 1220328 In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but adding a check is very simple and makes the static checkers happy. CVE-2023-52472 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52472.html CVE-2023-52472 https://bugzilla.suse.com/1220427 SUSE Bug 1220427 https://bugzilla.suse.com/1220430 SUSE Bug 1220430 In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if its parent does not change as without locking that can corrupt the filesystem. CVE-2023-52591 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52591.html CVE-2023-52591 https://bugzilla.suse.com/1221044 SUSE Bug 1221044 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error. Thus, this patch reform the last call of gss_import_v2_context to the gss_krb5_import_ctx_v2, preventing the memleak while keepping the return formation. CVE-2023-52653 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52653.html CVE-2023-52653 https://bugzilla.suse.com/1223712 SUSE Bug 1223712 In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/pm: resolve reboot exception for si oland" This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. This causes hangs on SI when DC is enabled and errors on driver reboot and power off cycles. CVE-2023-52657 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52657.html CVE-2023-52657 https://bugzilla.suse.com/1224722 SUSE Bug 1224722 In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash. CVE-2023-52658 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52658.html CVE-2023-52658 https://bugzilla.suse.com/1224719 SUSE Bug 1224719 In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will hang as the driver tries to access the ISP registers. This can be reproduced even without the platform sharing the IRQ line: Enable CONFIG_DEBUG_SHIRQ and unload the driver, and the board will hang. Fix this by adding a new field, 'irqs_enabled', which is used to bail out from the interrupt handler when the ISP is not operational. CVE-2023-52660 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52660.html CVE-2023-52660 https://bugzilla.suse.com/1224443 SUSE Bug 1224443 In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() If clk_get_sys(..., "pll_d2_out0") fails, the clk_get_sys() call must be undone. Add the missing clk_put and a new 'put_pll_d_out0' label in the error handling path, and use it. CVE-2023-52661 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52661.html CVE-2023-52661 https://bugzilla.suse.com/1224445 SUSE Bug 1224445 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, including *res allocated by kmalloc and ttm_resource_init. CVE-2023-52662 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52662.html CVE-2023-52662 https://bugzilla.suse.com/1224449 SUSE Bug 1224449 In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak. Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity. CVE-2023-52663 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52663.html CVE-2023-52663 https://bugzilla.suse.com/1224630 SUSE Bug 1224630 In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer. CVE-2023-52664 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52664.html CVE-2023-52664 https://bugzilla.suse.com/1224747 SUSE Bug 1224747 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. However, its caller fs_any_create_table() will free ft->g again through calling mlx5e_destroy_flow_table(), which will lead to a double-free. Fix this by setting ft->g to NULL in fs_any_create_groups(). CVE-2023-52667 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52667.html CVE-2023-52667 https://bugzilla.suse.com/1224603 SUSE Bug 1224603 In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the actual length left and copy it into a buffer first for processing. CVE-2023-52669 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52669.html CVE-2023-52669 https://bugzilla.suse.com/1224637 SUSE Bug 1224637 In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128): comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s) hex dump (first 32 bytes): 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000009c94c9c1>] __kmem_cache_alloc_node+0x1f8/0x320 [<000000002300d89b>] __kmalloc_node_track_caller+0x44/0x70 [<00000000228a60c3>] kstrndup+0x4c/0x90 [<0000000077158695>] driver_set_override+0xd0/0x164 [<000000003e9c4ea5>] rpmsg_register_device_override+0x98/0x170 [<000000001c0c89a8>] rpmsg_ns_register_device+0x24/0x30 [<000000008bbf8fa2>] rpmsg_probe+0x2e0/0x3ec [<00000000e65a68df>] virtio_dev_probe+0x1c0/0x280 [<00000000443331cc>] really_probe+0xbc/0x2dc [<00000000391064b1>] __driver_probe_device+0x78/0xe0 [<00000000a41c9a5b>] driver_probe_device+0xd8/0x160 [<000000009c3bd5df>] __device_attach_driver+0xb8/0x140 [<0000000043cd7614>] bus_for_each_drv+0x7c/0xd4 [<000000003b929a36>] __device_attach+0x9c/0x19c [<00000000a94e0ba8>] device_initial_probe+0x14/0x20 [<000000003c999637>] bus_probe_device+0xa0/0xac CVE-2023-52670 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52670.html CVE-2023-52670 https://bugzilla.suse.com/1224696 SUSE Bug 1224696 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different OPTC could cause a hang/underflow due to OPPs not being properly disconnected from the disabled OPTC. [How] Ensure that all OPPs are unassigned from an OPTC when it gets disabled. CVE-2023-52671 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52671.html CVE-2023-52671 https://bugzilla.suse.com/1224729 SUSE Bug 1224729 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it. CVE-2023-52673 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52673.html CVE-2023-52673 https://bugzilla.suse.com/1224741 SUSE Bug 1224741 In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. CVE-2023-52675 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52675.html CVE-2023-52675 https://bugzilla.suse.com/1224504 SUSE Bug 1224504 In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in which case the caller checked it to be below 1<<29 [1]), or from the size of an argument to a kfunc (in which case it can be a u32 [2]). Between the register being inconsistently checked to be below 1<<29, and the offset being up to an u32, it appears that we were open to overflowing the `int`s which were currently used for arithmetic. [1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498 [2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904 CVE-2023-52676 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52676.html CVE-2023-52676 https://bugzilla.suse.com/1224730 SUSE Bug 1224730 https://bugzilla.suse.com/1226336 SUSE Bug 1226336 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the below: drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1347 kfd_create_indirect_link_prop() warn: can 'gpu_link' even be NULL? drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1428 kfd_add_peer_prop() warn: can 'iolink1' even be NULL? drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1433 kfd_add_peer_prop() warn: can 'iolink2' even be NULL? CVE-2023-52678 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52678.html CVE-2023-52678 https://bugzilla.suse.com/1224617 SUSE Bug 1224617 In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur". Extend the unittest to detect the double free and add an additional test case that actually triggers this path. CVE-2023-52679 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52679.html CVE-2023-52679 https://bugzilla.suse.com/1224508 SUSE Bug 1224508 In the Linux kernel, the following vulnerability has been resolved: efivarfs: Free s_fs_info on unmount Now that we allocate a s_fs_info struct on fs context creation, we should ensure that we free it again when the superblock goes away. CVE-2023-52681 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52681.html CVE-2023-52681 https://bugzilla.suse.com/1224505 SUSE Bug 1224505 In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32(). Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2023-52683 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52683.html CVE-2023-52683 https://bugzilla.suse.com/1224627 SUSE Bug 1224627 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2023-52685 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52685.html CVE-2023-52685 https://bugzilla.suse.com/1224728 SUSE Bug 1224728 In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. CVE-2023-52686 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52686.html CVE-2023-52686 https://bugzilla.suse.com/1224682 SUSE Bug 1224682 In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dma_map_sg() calls Macro dma_map_sg() may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dma_unmap_sg(). Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. CVE-2023-52687 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52687.html CVE-2023-52687 https://bugzilla.suse.com/1224501 SUSE Bug 1224501 In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to avoid memory leaks. CVE-2023-52690 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52690.html CVE-2023-52690 https://bugzilla.suse.com/1224611 SUSE Bug 1224611 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the control flow returns to si_dpm_sw_init, it goes to label dpm_failed and calls si_dpm_fini, which calls amdgpu_free_extended_power_table again and free those fields again. Thus a double-free is triggered. CVE-2023-52691 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52691.html CVE-2023-52691 https://bugzilla.suse.com/1224607 SUSE Bug 1224607 In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_get_parent), this can lead to incorrect (uninitialized) acpi_parent handle being passed to acpi_get_pci_dev() for detecting the parent pci device. Check acpi_get_parent() result and set parent device only in case of success. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2023-52693 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52693.html CVE-2023-52693 https://bugzilla.suse.com/1224686 SUSE Bug 1224686 In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function With tpd12s015_remove() marked with __exit this function is discarded when the driver is compiled as a built-in. The result is that when the driver unbinds there is no cleanup done which results in resource leakage or worse. CVE-2023-52694 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52694.html CVE-2023-52694 https://bugzilla.suse.com/1224598 SUSE Bug 1224598 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink [WHY & HOW] This is to check connector type to avoid unhandled null pointer for writeback connectors. CVE-2023-52695 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52695.html CVE-2023-52695 https://bugzilla.suse.com/1224506 SUSE Bug 1224506 In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. CVE-2023-52696 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52696.html CVE-2023-52696 https://bugzilla.suse.com/1224601 SUSE Bug 1224601 In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL sof_sdw_rt_sdca_jack_exit() are used by different codecs, and some of them use the same dai name. For example, rt712 and rt713 both use "rt712-sdca-aif1" and sof_sdw_rt_sdca_jack_exit(). As a result, sof_sdw_rt_sdca_jack_exit() will be called twice by mc_dailink_exit_loop(). Set ctx->headset_codec_dev = NULL; after put_device(ctx->headset_codec_dev); to avoid ctx->headset_codec_dev being put twice. CVE-2023-52697 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52697.html CVE-2023-52697 https://bugzilla.suse.com/1224596 SUSE Bug 1224596 In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other undefined behaviour. After a lot of testing (30+ hours) while also doing a lot of frequency switches, we can't observe any instability issues anymore when doing reparenting to stable clock like 24 MHz oscillator. CVE-2023-52882 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52882.html CVE-2023-52882 https://bugzilla.suse.com/1225692 SUSE Bug 1225692 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends does not set on the _DEAD bit from the sync GC path since this runs in control plane path where mutex is held. In this case, set elements are deactivated, removed and then released via RCU callback, sync GC never fails. CVE-2023-52923 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2023-52923.html CVE-2023-52923 https://bugzilla.suse.com/1236104 SUSE Bug 1236104 NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. CVE-2024-22099 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-22099.html CVE-2024-22099 https://bugzilla.suse.com/1219170 SUSE Bug 1219170 In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpf_xdp_adjust_tail() and memory type is set to MEM_TYPE_XSK_BUFF_POOL, null ptr dereference happens: [1136314.192256] BUG: kernel NULL pointer dereference, address: 0000000000000034 [1136314.203943] #PF: supervisor read access in kernel mode [1136314.213768] #PF: error_code(0x0000) - not-present page [1136314.223550] PGD 0 P4D 0 [1136314.230684] Oops: 0000 [#1] PREEMPT SMP NOPTI [1136314.239621] CPU: 8 PID: 54203 Comm: xdpsock Not tainted 6.6.0+ #257 [1136314.250469] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [1136314.265615] RIP: 0010:__xdp_return+0x6c/0x210 [1136314.274653] Code: ad 00 48 8b 47 08 49 89 f8 a8 01 0f 85 9b 01 00 00 0f 1f 44 00 00 f0 41 ff 48 34 75 32 4c 89 c7 e9 79 cd 80 ff 83 fe 03 75 17 <f6> 41 34 01 0f 85 02 01 00 00 48 89 cf e9 22 cc 1e 00 e9 3d d2 86 [1136314.302907] RSP: 0018:ffffc900089f8db0 EFLAGS: 00010246 [1136314.312967] RAX: ffffc9003168aed0 RBX: ffff8881c3300000 RCX: 0000000000000000 [1136314.324953] RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffffc9003168c000 [1136314.336929] RBP: 0000000000000ae0 R08: 0000000000000002 R09: 0000000000010000 [1136314.348844] R10: ffffc9000e495000 R11: 0000000000000040 R12: 0000000000000001 [1136314.360706] R13: 0000000000000524 R14: ffffc9003168aec0 R15: 0000000000000001 [1136314.373298] FS: 00007f8df8bbcb80(0000) GS:ffff8897e0e00000(0000) knlGS:0000000000000000 [1136314.386105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1136314.396532] CR2: 0000000000000034 CR3: 00000001aa912002 CR4: 00000000007706f0 [1136314.408377] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [1136314.420173] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [1136314.431890] PKRU: 55555554 [1136314.439143] Call Trace: [1136314.446058] <IRQ> [1136314.452465] ? __die+0x20/0x70 [1136314.459881] ? page_fault_oops+0x15b/0x440 [1136314.468305] ? exc_page_fault+0x6a/0x150 [1136314.476491] ? asm_exc_page_fault+0x22/0x30 [1136314.484927] ? __xdp_return+0x6c/0x210 [1136314.492863] bpf_xdp_adjust_tail+0x155/0x1d0 [1136314.501269] bpf_prog_ccc47ae29d3b6570_xdp_sock_prog+0x15/0x60 [1136314.511263] ice_clean_rx_irq_zc+0x206/0xc60 [ice] [1136314.520222] ? ice_xmit_zc+0x6e/0x150 [ice] [1136314.528506] ice_napi_poll+0x467/0x670 [ice] [1136314.536858] ? ttwu_do_activate.constprop.0+0x8f/0x1a0 [1136314.546010] __napi_poll+0x29/0x1b0 [1136314.553462] net_rx_action+0x133/0x270 [1136314.561619] __do_softirq+0xbe/0x28e [1136314.569303] do_softirq+0x3f/0x60 This comes from __xdp_return() call with xdp_buff argument passed as NULL which is supposed to be consumed by xsk_buff_free() call. To address this properly, in ZC case, a node that represents the frag being removed has to be pulled out of xskb_list. Introduce appropriate xsk helpers to do such node operation and use them accordingly within bpf_xdp_adjust_tail(). CVE-2024-26611 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26611.html CVE-2024-26611 https://bugzilla.suse.com/1221303 SUSE Bug 1221303 In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix disable_managed_interrupts Correct blk-mq registration issue with module parameter disable_managed_interrupts enabled. When we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to register with blk-mq using blk_mq_map_queues(). The driver is currently calling blk_mq_pci_map_queues() which results in a stack trace and possibly undefined behavior. Stack Trace: [ 7.860089] scsi host2: smartpqi [ 7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0 [ 7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse [ 7.924755] CPU: 0 PID: 238 Comm: kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1 [ 7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022 [ 7.963026] Workqueue: events work_for_cpu_fn [ 7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0 [ 7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 <0f> 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54 [ 7.978280] RSP: 0018:ffffa95fc3707d50 EFLAGS: 00010216 [ 7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000010 [ 7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310 [ 7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00 [ 7.978287] R10: 0000000000000001 R11: ffffa95fc3707ac0 R12: 0000000000000000 [ 7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15: ffff9190c4c950a8 [ 7.978290] FS: 0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000 [ 7.978292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.172814] CR2: 000055d11166c000 CR3: 00000002dae10002 CR4: 00000000007706f0 [ 8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 8.172818] PKRU: 55555554 [ 8.172819] Call Trace: [ 8.172823] blk_mq_alloc_tag_set+0x12e/0x310 [ 8.264339] scsi_add_host_with_dma.cold.9+0x30/0x245 [ 8.279302] pqi_ctrl_init+0xacf/0xc8e [smartpqi] [ 8.294085] ? pqi_pci_probe+0x480/0x4c8 [smartpqi] [ 8.309015] pqi_pci_probe+0x480/0x4c8 [smartpqi] [ 8.323286] local_pci_probe+0x42/0x80 [ 8.337855] work_for_cpu_fn+0x16/0x20 [ 8.351193] process_one_work+0x1a7/0x360 [ 8.364462] ? create_worker+0x1a0/0x1a0 [ 8.379252] worker_thread+0x1ce/0x390 [ 8.392623] ? create_worker+0x1a0/0x1a0 [ 8.406295] kthread+0x10a/0x120 [ 8.418428] ? set_kthread_struct+0x50/0x50 [ 8.431532] ret_from_fork+0x1f/0x40 [ 8.444137] ---[ end trace 1bf0173d39354506 ]--- CVE-2024-26742 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26742.html CVE-2024-26742 https://bugzilla.suse.com/1222608 SUSE Bug 1222608 In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed with are system physical addresses (SPA). During HDM decoder setup, the DVSEC CXL range registers (cxl-3.1, 8.1.3.8) are checked if the memory is enabled and the CXL range is in a HPA window that is described in a CFMWS structure of the CXL host bridge (cxl-3.1, 9.18.1.3). Now, if the HPA is not an SPA, the CXL range does not match a CFMWS window and the CXL memory range will be disabled then. The HDM decoder stops working which causes system memory being disabled and further a system hang during HDM decoder initialization, typically when a CXL enabled kernel boots. Prevent a system hang and do not disable the HDM decoder if the decoder's CXL range is not found in a CFMWS window. Note the change only fixes a hardware hang, but does not implement HPA/SPA translation. Support for this can be added in a follow on patch series. CVE-2024-26761 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26761.html CVE-2024-26761 https://bugzilla.suse.com/1230375 SUSE Bug 1230375 In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is submitted by libaio. CVE-2024-26764 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26764.html CVE-2024-26764 https://bugzilla.suse.com/1222721 SUSE Bug 1222721 In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix iopt_access_list_id overwrite bug Syzkaller reported the following WARN_ON: WARNING: CPU: 1 PID: 4738 at drivers/iommu/iommufd/io_pagetable.c:1360 Call Trace: iommufd_access_change_ioas+0x2fe/0x4e0 iommufd_access_destroy_object+0x50/0xb0 iommufd_object_remove+0x2a3/0x490 iommufd_object_destroy_user iommufd_access_destroy+0x71/0xb0 iommufd_test_staccess_release+0x89/0xd0 __fput+0x272/0xb50 __fput_sync+0x4b/0x60 __do_sys_close __se_sys_close __x64_sys_close+0x8b/0x110 do_syscall_x64 The mismatch between the access pointer in the list and the passed-in pointer is resulting from an overwrite of access->iopt_access_list_id, in iopt_add_access(). Called from iommufd_access_change_ioas() when xa_alloc() succeeds but iopt_calculate_iova_alignment() fails. Add a new_id in iopt_add_access() and only update iopt_access_list_id when returning successfully. CVE-2024-26786 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26786.html CVE-2024-26786 https://bugzilla.suse.com/1222780 SUSE Bug 1222780 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between ordered extent completion and fiemap For fiemap we recently stopped locking the target extent range for the whole duration of the fiemap call, in order to avoid a deadlock in a scenario where the fiemap buffer happens to be a memory mapped range of the same file. This use case is very unlikely to be useful in practice but it may be triggered by fuzz testing (syzbot, etc). However by not locking the target extent range for the whole duration of the fiemap call we can race with an ordered extent. This happens like this: 1) The fiemap task finishes processing a file extent item that covers the file range [512K, 1M[, and that file extent item is the last item in the leaf currently being processed; 2) And ordered extent for the file range [768K, 2M[, in COW mode, completes (btrfs_finish_one_ordered()) and the file extent item covering the range [512K, 1M[ is trimmed to cover the range [512K, 768K[ and then a new file extent item for the range [768K, 2M[ is inserted in the inode's subvolume tree; 3) The fiemap task calls fiemap_next_leaf_item(), which then calls btrfs_next_leaf() to find the next leaf / item. This finds that the the next key following the one we previously processed (its type is BTRFS_EXTENT_DATA_KEY and its offset is 512K), is the key corresponding to the new file extent item inserted by the ordered extent, which has a type of BTRFS_EXTENT_DATA_KEY and an offset of 768K; 4) Later the fiemap code ends up at emit_fiemap_extent() and triggers the warning: if (cache->offset + cache->len > offset) { WARN_ON(1); return -EINVAL; } Since we get 1M > 768K, because the previously emitted entry for the old extent covering the file range [512K, 1M[ ends at an offset that is greater than the new extent's start offset (768K). This makes fiemap fail with -EINVAL besides triggering the warning that produces a stack trace like the following: [1621.677651] ------------[ cut here ]------------ [1621.677656] WARNING: CPU: 1 PID: 204366 at fs/btrfs/extent_io.c:2492 emit_fiemap_extent+0x84/0x90 [btrfs] [1621.677899] Modules linked in: btrfs blake2b_generic (...) [1621.677951] CPU: 1 PID: 204366 Comm: pool Not tainted 6.8.0-rc5-btrfs-next-151+ #1 [1621.677954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [1621.677956] RIP: 0010:emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678033] Code: 2b 4c 89 63 (...) [1621.678035] RSP: 0018:ffffab16089ffd20 EFLAGS: 00010206 [1621.678037] RAX: 00000000004fa000 RBX: ffffab16089ffe08 RCX: 0000000000009000 [1621.678039] RDX: 00000000004f9000 RSI: 00000000004f1000 RDI: ffffab16089ffe90 [1621.678040] RBP: 00000000004f9000 R08: 0000000000001000 R09: 0000000000000000 [1621.678041] R10: 0000000000000000 R11: 0000000000001000 R12: 0000000041d78000 [1621.678043] R13: 0000000000001000 R14: 0000000000000000 R15: ffff9434f0b17850 [1621.678044] FS: 00007fa6e20006c0(0000) GS:ffff943bdfa40000(0000) knlGS:0000000000000000 [1621.678046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1621.678048] CR2: 00007fa6b0801000 CR3: 000000012d404002 CR4: 0000000000370ef0 [1621.678053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [1621.678055] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [1621.678056] Call Trace: [1621.678074] <TASK> [1621.678076] ? __warn+0x80/0x130 [1621.678082] ? emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678159] ? report_bug+0x1f4/0x200 [1621.678164] ? handle_bug+0x42/0x70 [1621.678167] ? exc_invalid_op+0x14/0x70 [1621.678170] ? asm_exc_invalid_op+0x16/0x20 [1621.678178] ? emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678253] extent_fiemap+0x766 ---truncated--- CVE-2024-26794 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26794.html CVE-2024-26794 https://bugzilla.suse.com/1222426 SUSE Bug 1222426 In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has been added by the initial commit. There is some logic around trying to prevent from hanging forever in wait_for_completion, though it does not handling all cases. E.g. blktests is able to reproduce the situation where the module unload hangs forever. If we completely rely on the cleanup code executed from the nvme_delete_ctrl path, all IDs will be freed eventually. This makes calling ida_destroy unnecessary. We only have to ensure that all nvme_delete_ctrl code has been executed before we leave nvme_fc_exit_module. This is done by flushing the nvme_delete_wq workqueue. While at it, remove the unused nvme_fc_wq workqueue too. CVE-2024-26846 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26846.html CVE-2024-26846 https://bugzilla.suse.com/1223023 SUSE Bug 1223023 In the Linux kernel, the following vulnerability has been resolved: igc: avoid returning frame twice in XDP_REDIRECT When a frame can not be transmitted in XDP_REDIRECT (e.g. due to a full queue), it is necessary to free it by calling xdp_return_frame_rx_napi. However, this is the responsibility of the caller of the ndo_xdp_xmit (see for example bq_xmit_all in kernel/bpf/devmap.c) and thus calling it inside igc_xdp_xmit (which is the ndo_xdp_xmit of the igc driver) as well will lead to memory corruption. In fact, bq_xmit_all expects that it can return all frames after the last successfully transmitted one. Therefore, break for the first not transmitted frame, but do not call xdp_return_frame_rx_napi in igc_xdp_xmit. This is equally implemented in other Intel drivers such as the igb. There are two alternatives to this that were rejected: 1. Return num_frames as all the frames would have been transmitted and release them inside igc_xdp_xmit. While it might work technically, it is not what the return value is meant to represent (i.e. the number of SUCCESSFULLY transmitted packets). 2. Rework kernel/bpf/devmap.c and all drivers to support non-consecutively dropped packets. Besides being complex, it likely has a negative performance impact without a significant gain since it is anyway unlikely that the next frame can be transmitted if the previous one was dropped. The memory corruption can be reproduced with the following script which leads to a kernel panic after a few seconds. It basically generates more traffic than a i225 NIC can transmit and pushes it via XDP_REDIRECT from a virtual interface to the physical interface where frames get dropped. #!/bin/bash INTERFACE=enp4s0 INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex` sudo ip link add dev veth1 type veth peer name veth2 sudo ip link set up $INTERFACE sudo ip link set up veth1 sudo ip link set up veth2 cat << EOF > redirect.bpf.c SEC("prog") int redirect(struct xdp_md *ctx) { return bpf_redirect($INTERFACE_IDX, 0); } char _license[] SEC("license") = "GPL"; EOF clang -O2 -g -Wall -target bpf -c redirect.bpf.c -o redirect.bpf.o sudo ip link set veth2 xdp obj redirect.bpf.o cat << EOF > pass.bpf.c SEC("prog") int pass(struct xdp_md *ctx) { return XDP_PASS; } char _license[] SEC("license") = "GPL"; EOF clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o sudo ip link set $INTERFACE xdp obj pass.bpf.o cat << EOF > trafgen.cfg { /* Ethernet Header */ 0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, const16(ETH_P_IP), /* IPv4 Header */ 0b01000101, 0, # IPv4 version, IHL, TOS const16(1028), # IPv4 total length (UDP length + 20 bytes (IP header)) const16(2), # IPv4 ident 0b01000000, 0, # IPv4 flags, fragmentation off 64, # IPv4 TTL 17, # Protocol UDP csumip(14, 33), # IPv4 checksum /* UDP Header */ 10, 0, 1, 1, # IP Src - adapt as needed 10, 0, 1, 2, # IP Dest - adapt as needed const16(6666), # UDP Src Port const16(6666), # UDP Dest Port const16(1008), # UDP length (UDP header 8 bytes + payload length) csumudp(14, 34), # UDP checksum /* Payload */ fill('W', 1000), } EOF sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp CVE-2024-26853 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26853.html CVE-2024-26853 https://bugzilla.suse.com/1223061 SUSE Bug 1223061 In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the last thing destroyed in ice_dpll_deinit. This fixes the following warning with CONFIG_DEBUG_MUTEXES: ice 0000:10:00.0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.36.0 ice 0000:10:00.0: 252.048 Gb/s available PCIe bandwidth (16.0 GT/s PCIe x16 link) ice 0000:10:00.0: PTP init successful ------------[ cut here ]------------ DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 0 PID: 410 at kernel/locking/mutex.c:587 __mutex_lock+0x773/0xd40 Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ice(+) nvme nvme_c> CPU: 0 PID: 410 Comm: kworker/0:4 Not tainted 6.8.0-rc5+ #3 Hardware name: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 10/19/2023 Workqueue: events work_for_cpu_fn RIP: 0010:__mutex_lock+0x773/0xd40 Code: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a> RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000 RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffbfff R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8 FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b5852cc000 CR3: 000000003c43a004 CR4: 0000000000771ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __warn+0x84/0x170 ? __mutex_lock+0x773/0xd40 ? report_bug+0x1c7/0x1d0 ? prb_read_valid+0x1b/0x30 ? handle_bug+0x42/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? __mutex_lock+0x773/0xd40 ? rcu_is_watching+0x11/0x50 ? __kmalloc_node_track_caller+0x346/0x490 ? ice_dpll_lock_status_get+0x28/0x50 [ice] ? __pfx_ice_dpll_lock_status_get+0x10/0x10 [ice] ? ice_dpll_lock_status_get+0x28/0x50 [ice] ice_dpll_lock_status_get+0x28/0x50 [ice] dpll_device_get_one+0x14f/0x2e0 dpll_device_event_send+0x7d/0x150 dpll_device_register+0x124/0x180 ice_dpll_init_dpll+0x7b/0xd0 [ice] ice_dpll_init+0x224/0xa40 [ice] ? _dev_info+0x70/0x90 ice_load+0x468/0x690 [ice] ice_probe+0x75b/0xa10 [ice] ? _raw_spin_unlock_irqrestore+0x4f/0x80 ? process_one_work+0x1a3/0x500 local_pci_probe+0x47/0xa0 work_for_cpu_fn+0x17/0x30 process_one_work+0x20d/0x500 worker_thread+0x1df/0x3e0 ? __pfx_worker_thread+0x10/0x10 kthread+0x103/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> irq event stamp: 125197 hardirqs last enabled at (125197): [<ffffffff8416409d>] finish_task_switch.isra.0+0x12d/0x3d0 hardirqs last disabled at (125196): [<ffffffff85134044>] __schedule+0xea4/0x19f0 softirqs last enabled at (105334): [<ffffffff84e1e65a>] napi_get_frags_check+0x1a/0x60 softirqs last disabled at (105332): [<ffffffff84e1e65a>] napi_get_frags_check+0x1a/0x60 ---[ end trace 0000000000000000 ]--- CVE-2024-26854 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26854.html CVE-2024-26854 https://bugzilla.suse.com/1223039 SUSE Bug 1223039 In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently in nla_for_each_nested(). To address this issue, add a check to ensure that br_spec is not NULL before proceeding with the nested attribute iteration. CVE-2024-26855 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26855.html CVE-2024-26855 https://bugzilla.suse.com/1223051 SUSE Bug 1223051 In the Linux kernel, the following vulnerability has been resolved: net: sparx5: Fix use after free inside sparx5_del_mact_entry Based on the static analyzis of the code it looks like when an entry from the MAC table was removed, the entry was still used after being freed. More precise the vid of the mac_entry was used after calling devm_kfree on the mac_entry. The fix consists in first using the vid of the mac_entry to delete the entry from the HW and after that to free it. CVE-2024-26856 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26856.html CVE-2024-26856 https://bugzilla.suse.com/1223052 SUSE Bug 1223052 In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneve_rx() syzbot triggered a bug in geneve_rx() [1] Issue is similar to the one I fixed in commit 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head. [1] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline] BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] geneve_rx drivers/net/geneve.c:279 [inline] geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346 __udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422 udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604 ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [inline] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [inline] ip_rcv_finish net/ipv4/ip_input.c:449 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648 process_backlog+0x480/0x8b0 net/core/dev.c:5976 __napi_poll+0xe3/0x980 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [inline] net_rx_action+0x8b8/0x1870 net/core/dev.c:6778 __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553 do_softirq+0x9a/0xf0 kernel/softirq.c:454 __local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline] __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378 dev_queue_xmit include/linux/netdevice.h:3171 [inline] packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3081 [inline] packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook mm/slub.c:3819 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x352/0x790 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1296 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783 packet_alloc_skb net/packet/af_packet.c:2930 [inline] packet_snd net/packet/af_packet.c:3024 [inline] packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CVE-2024-26857 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26857.html CVE-2024-26857 https://bugzilla.suse.com/1223058 SUSE Bug 1223058 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map Just simply reordering the functions mlx5e_ptp_metadata_map_put and mlx5e_ptpsq_track_metadata in the mlx5e_txwqe_complete context is not good enough since both the compiler and CPU are free to reorder these two functions. If reordering does occur, the issue that was supposedly fixed by 7e3f3ba97e6c ("net/mlx5e: Track xmit submission to PTP WQ after populating metadata map") will be seen. This will lead to NULL pointer dereferences in mlx5e_ptpsq_mark_ts_cqes_undelivered in the NAPI polling context due to the tracking list being populated before the metadata map. CVE-2024-26858 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26858.html CVE-2024-26858 https://bugzilla.suse.com/1223020 SUSE Bug 1223020 In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE() annotations to mark the data race as intentional. BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0: counter_validate drivers/net/wireguard/receive.c:321 [inline] wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461 __napi_poll+0x60/0x3b0 net/core/dev.c:6536 napi_poll net/core/dev.c:6605 [inline] net_rx_action+0x32b/0x750 net/core/dev.c:6738 __do_softirq+0xc4/0x279 kernel/softirq.c:553 do_softirq+0x5e/0x90 kernel/softirq.c:454 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline] wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499 process_one_work kernel/workqueue.c:2633 [inline] ... read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1: decrypt_packet drivers/net/wireguard/receive.c:252 [inline] wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 worker_thread+0x525/0x730 kernel/workqueue.c:2787 ... CVE-2024-26861 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26861.html CVE-2024-26861 https://bugzilla.suse.com/1223076 SUSE Bug 1223076 In the Linux kernel, the following vulnerability has been resolved: spi: lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is allocating/disposing memory manually with spi_alloc_host()/spi_alloc_target(), but uses devm_spi_register_controller(). In case of error after the latter call the memory will be explicitly freed in the probe function by spi_controller_put() call, but used afterwards by "devm" management outside probe() (spi_unregister_controller() <- devm_spi_unregister() below). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070 ... Call trace: kernfs_find_ns kernfs_find_and_get_ns sysfs_remove_group sysfs_remove_groups device_remove_attrs device_del spi_unregister_controller devm_spi_unregister release_nodes devres_release_all really_probe driver_probe_device __device_attach_driver bus_for_each_drv __device_attach device_initial_probe bus_probe_device deferred_probe_work_func process_one_work worker_thread kthread ret_from_fork CVE-2024-26866 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26866.html CVE-2024-26866 https://bugzilla.suse.com/1223024 SUSE Bug 1223024 In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP: 0010:ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles] Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x286/0x380 ? __rpc_execute+0x2c3/0x470 [sunrpc] ? rpc_new_task+0x42/0x1c0 [sunrpc] ? exc_page_fault+0x5d/0x110 ? asm_exc_page_fault+0x22/0x30 ? ff_layout_free_layoutreturn+0x110/0x110 [nfs_layout_flexfiles] ? ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles] ? ff_layout_cancel_io+0x6f/0x90 [nfs_layout_flexfiles] pnfs_mark_matching_lsegs_return+0x1b0/0x360 [nfsv4] pnfs_error_mark_layout_for_return+0x9e/0x110 [nfsv4] ? ff_layout_send_layouterror+0x50/0x160 [nfs_layout_flexfiles] nfs4_ff_layout_prepare_ds+0x11f/0x290 [nfs_layout_flexfiles] ff_layout_pg_init_write+0xf0/0x1f0 [nfs_layout_flexfiles] __nfs_pageio_add_request+0x154/0x6c0 [nfs] nfs_pageio_add_request+0x26b/0x380 [nfs] nfs_do_writepage+0x111/0x1e0 [nfs] nfs_writepages_callback+0xf/0x30 [nfs] write_cache_pages+0x17f/0x380 ? nfs_pageio_init_write+0x50/0x50 [nfs] ? nfs_writepages+0x6d/0x210 [nfs] ? nfs_writepages+0x6d/0x210 [nfs] nfs_writepages+0x125/0x210 [nfs] do_writepages+0x67/0x220 ? generic_perform_write+0x14b/0x210 filemap_fdatawrite_wbc+0x5b/0x80 file_write_and_wait_range+0x6d/0xc0 nfs_file_fsync+0x81/0x170 [nfs] ? nfs_file_mmap+0x60/0x60 [nfs] __x64_sys_fsync+0x53/0x90 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Inspecting the core with drgn I was able to pull this >>> prog.crashed_thread().stack_trace()[0] #0 at 0xffffffffa079657a (ff_layout_cancel_io+0x3a/0x84) in ff_layout_cancel_io at fs/nfs/flexfilelayout/flexfilelayout.c:2021:27 >>> prog.crashed_thread().stack_trace()[0]['idx'] (u32)1 >>> prog.crashed_thread().stack_trace()[0]['flseg'].mirror_array[1].mirror_ds (struct nfs4_ff_layout_ds *)0xffffffffffffffed This is clear from the stack trace, we call nfs4_ff_layout_prepare_ds() which could error out initializing the mirror_ds, and then we go to clean it all up and our check is only for if (!mirror->mirror_ds). This is inconsistent with the rest of the users of mirror_ds, which have if (IS_ERR_OR_NULL(mirror_ds)) to keep from tripping over this exact scenario. Fix this up in ff_layout_cancel_io() to make sure we don't panic when we get an error. I also spot checked all the other instances of checking mirror_ds and we appear to be doing the correct checks everywhere, only unconditionally dereferencing mirror_ds when we know it would be valid. CVE-2024-26868 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26868.html CVE-2024-26868 https://bugzilla.suse.com/1223038 SUSE Bug 1223038 In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size > 0, nfs4_listxattr() does not return an error because either generic_listxattr() or nfs4_listxattr_nfs4_label() consumes exactly all the bytes then size is 0 when calling nfs4_listxattr_nfs4_user() which then triggers the following kernel BUG: [ 99.403778] kernel BUG at mm/usercopy.c:102! [ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1 [ 99.415827] Call trace: [ 99.415985] usercopy_abort+0x70/0xa0 [ 99.416227] __check_heap_object+0x134/0x158 [ 99.416505] check_heap_object+0x150/0x188 [ 99.416696] __check_object_size.part.0+0x78/0x168 [ 99.416886] __check_object_size+0x28/0x40 [ 99.417078] listxattr+0x8c/0x120 [ 99.417252] path_listxattr+0x78/0xe0 [ 99.417476] __arm64_sys_listxattr+0x28/0x40 [ 99.417723] invoke_syscall+0x78/0x100 [ 99.417929] el0_svc_common.constprop.0+0x48/0xf0 [ 99.418186] do_el0_svc+0x24/0x38 [ 99.418376] el0_svc+0x3c/0x110 [ 99.418554] el0t_64_sync_handler+0x120/0x130 [ 99.418788] el0t_64_sync+0x194/0x198 [ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000) Issue is reproduced when generic_listxattr() returns 'system.nfs4_acl', thus calling lisxattr() with size = 16 will trigger the bug. Add check on nfs4_listxattr() to return ERANGE error when it is called with size > 0 and the return value is greater than size. CVE-2024-26870 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26870.html CVE-2024-26870 https://bugzilla.suse.com/1223113 SUSE Bug 1223113 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is received on HIP08 devices The HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL, but the hardware can receive 1588 messages, and set the HNS3_RXD_TS_VLD_B bit, so, if match this case, the access of hdev->ptp->flags will cause a kernel crash: [ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 [ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 ... [ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge] [ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge] [ 5889.279101] sp : ffff800012c3bc50 [ 5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040 [ 5889.289927] x27: ffff800009116484 x26: 0000000080007500 [ 5889.296333] x25: 0000000000000000 x24: ffff204001c6f000 [ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000 [ 5889.309134] x21: 0000000000000000 x20: ffff204004220080 [ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000 [ 5889.321897] x17: 0000000000000000 x16: 0000000000000000 [ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000 [ 5889.334617] x13: 0000000000000000 x12: 00000000010011df [ 5889.340965] x11: bbfeff4d22000000 x10: 0000000000000000 [ 5889.347303] x9 : ffff800009402124 x8 : 0200f78811dfbb4d [ 5889.353637] x7 : 2200000000191b01 x6 : ffff208002a7d480 [ 5889.359959] x5 : 0000000000000000 x4 : 0000000000000000 [ 5889.366271] x3 : 0000000000000000 x2 : 0000000000000000 [ 5889.372567] x1 : 0000000000000000 x0 : ffff20400095c080 [ 5889.378857] Call trace: [ 5889.382285] hclge_ptp_get_rx_hwts+0x40/0x170 [hclge] [ 5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3] [ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3] [ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3] [ 5889.405270] hns3_nic_common_poll+0xa8/0x220 [hns3] [ 5889.411084] napi_poll+0xcc/0x264 [ 5889.415329] net_rx_action+0xd4/0x21c [ 5889.419911] __do_softirq+0x130/0x358 [ 5889.424484] irq_exit+0x134/0x154 [ 5889.428700] __handle_domain_irq+0x88/0xf0 [ 5889.433684] gic_handle_irq+0x78/0x2c0 [ 5889.438319] el1_irq+0xb8/0x140 [ 5889.442354] arch_cpu_idle+0x18/0x40 [ 5889.446816] default_idle_call+0x5c/0x1c0 [ 5889.451714] cpuidle_idle_call+0x174/0x1b0 [ 5889.456692] do_idle+0xc8/0x160 [ 5889.460717] cpu_startup_entry+0x30/0xfc [ 5889.465523] secondary_start_kernel+0x158/0x1ec [ 5889.470936] Code: 97ffab78 f9411c14 91408294 f9457284 (f9400c80) [ 5889.477950] SMP: stopping secondary CPUs [ 5890.514626] SMP: failed to stop secondary CPUs 0-69,71-95 [ 5890.522951] Starting crashdump kernel... CVE-2024-26881 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26881.html CVE-2024-26881 https://bugzilla.suse.com/1223041 SUSE Bug 1223041 In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 CVE-2024-26900 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26900.html CVE-2024-26900 https://bugzilla.suse.com/1223046 SUSE Bug 1223046 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a normal connection and disconnection process with the testcase that triggered a KASAN report. We analyzed the cause of this bug as follows: 1. In the packets captured during a normal connection, the host sends a `Read Encryption Key Size` type of `HCI_CMD` packet (Command Opcode: 0x1408) to the controller to inquire the length of encryption key.After receiving this packet, the controller immediately replies with a Command Completepacket (Event Code: 0x0e) to return the Encryption Key Size. 2. In our fuzz test case, the timing of the controller's response to this packet was delayed to an unexpected point: after the RFCOMM and L2CAP layers had disconnected but before the HCI layer had disconnected. 3. After receiving the Encryption Key Size Response at the time described in point 2, the host still called the rfcomm_check_security function. However, by this time `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;` had already been released, and when the function executed `return hci_conn_security(conn->hcon, d->sec_level, auth_type, d->out);`, specifically when accessing `conn->hcon`, a null-ptr-deref error occurred. To fix this bug, check if `sk->sk_state` is BT_CLOSED before calling rfcomm_recv_frame in rfcomm_process_rx. CVE-2024-26903 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26903.html CVE-2024-26903 https://bugzilla.suse.com/1223187 SUSE Bug 1223187 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. CVE-2024-26922 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26922.html CVE-2024-26922 https://bugzilla.suse.com/1223315 SUSE Bug 1223315 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms del_elem("0000000X") <---------------- delete one that was just added ... add_elem("00005000") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano) CVE-2024-26924 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26924.html CVE-2024-26924 https://bugzilla.suse.com/1223387 SUSE Bug 1223387 In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() When unregister pd capabilitie in tcpm, KASAN will capture below double -free issue. The root cause is the same capabilitiy will be kfreed twice, the first time is kfreed by pd_capabilities_release() and the second time is explicitly kfreed by tcpm_port_unregister_pd(). [ 3.988059] BUG: KASAN: double-free in tcpm_port_unregister_pd+0x1a4/0x3dc [ 3.995001] Free of addr ffff0008164d3000 by task kworker/u16:0/10 [ 4.001206] [ 4.002712] CPU: 2 PID: 10 Comm: kworker/u16:0 Not tainted 6.8.0-rc5-next-20240220-05616-g52728c567a55 #53 [ 4.012402] Hardware name: Freescale i.MX8QXP MEK (DT) [ 4.017569] Workqueue: events_unbound deferred_probe_work_func [ 4.023456] Call trace: [ 4.025920] dump_backtrace+0x94/0xec [ 4.029629] show_stack+0x18/0x24 [ 4.032974] dump_stack_lvl+0x78/0x90 [ 4.036675] print_report+0xfc/0x5c0 [ 4.040289] kasan_report_invalid_free+0xa0/0xc0 [ 4.044937] __kasan_slab_free+0x124/0x154 [ 4.049072] kfree+0xb4/0x1e8 [ 4.052069] tcpm_port_unregister_pd+0x1a4/0x3dc [ 4.056725] tcpm_register_port+0x1dd0/0x2558 [ 4.061121] tcpci_register_port+0x420/0x71c [ 4.065430] tcpci_probe+0x118/0x2e0 To fix the issue, this will remove kree() from tcpm_port_unregister_pd(). CVE-2024-26932 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26932.html CVE-2024-26932 https://bugzilla.suse.com/1223649 SUSE Bug 1223649 In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported-and-tested by: Yue Sun <samsun1006219@gmail.com> Reported by: xingwei lee <xrivendell7@gmail.com> CVE-2024-26934 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26934.html CVE-2024-26934 https://bugzilla.suse.com/1223671 SUSE Bug 1223671 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led to a potential duplicate call to the hostdir_rm() routine, since it's also called from scsi_host_dev_release(). That triggered a regression report, which was then fixed by commit be03df3d4bfe ("scsi: core: Fix a procfs host directory removal regression"). The fix just dropped the hostdir_rm() call from dev_release(). But it happens that this proc directory is created on scsi_host_alloc(), and that function "pairs" with scsi_host_dev_release(), while scsi_remove_host() pairs with scsi_add_host(). In other words, it seems the reason for removing the proc directory on dev_release() was meant to cover cases in which a SCSI host structure was allocated, but the call to scsi_add_host() didn't happen. And that pattern happens to exist in some error paths, for example. Syzkaller causes that by using USB raw gadget device, error'ing on usb-storage driver, at usb_stor_probe2(). By checking that path, we can see that the BadDevice label leads to a scsi_host_put() after a SCSI host allocation, but there's no call to scsi_add_host() in such path. That leads to messages like this in dmesg (and a leak of the SCSI host proc structure): usb-storage 4-1:87.51: USB Mass Storage device detected proc_dir_entry 'scsi/usb-storage' already registered WARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376 The proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(), but guard that with the state check for SHOST_CREATED; there is even a comment in scsi_host_dev_release() detailing that: such conditional is meant for cases where the SCSI host was allocated but there was no calls to {add,remove}_host(), like the usb-storage case. This is what we propose here and with that, the error path of usb-storage does not trigger the warning anymore. CVE-2024-26935 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26935.html CVE-2024-26935 https://bugzilla.suse.com/1223675 SUSE Bug 1223675 In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. This preempt-to-busy race can be triggered by the heartbeat, which will also act as the power-management barrier and upon completion allow us to idle the HW. We may process the completion of the heartbeat, and begin parking the engine before the CS event that restores the queue_priority_hint, causing us to fail the assertion that it is MIN. <3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 166.210781] Dumping ftrace buffer: <0>[ 166.210795] --------------------------------- ... <0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 } <0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646 <0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0 <0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659 <0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40 <0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 } <0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2 <0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin <0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2 <0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin <0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660 <0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns } <0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked <0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040 <0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns } <0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns } <0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 167.303811] --------------------------------- <4>[ 167.304722] ------------[ cut here ]------------ <2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283! <4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1 <4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 <4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915] <4>[ 16 ---truncated--- CVE-2024-26937 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26937.html CVE-2024-26937 https://bugzilla.suse.com/1223677 SUSE Bug 1223677 In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We won't be able to tell whether the port is DP++ or not, but so be it. (cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733) CVE-2024-26938 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26938.html CVE-2024-26938 https://bugzilla.suse.com/1223678 SUSE Bug 1223678 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the corresponding ttm_resource_manager is not allocated. This leads to a crash when trying to read from this file. Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file only when the corresponding ttm_resource_manager is allocated. crash> bt PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep" #0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3 #1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a #2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1 #3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1 #4 [ffffb954506b3c70] no_context at ffffffffb2a7e913 #5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c #6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887 #7 [ffffb954506b3d40] page_fault at ffffffffb360116e [exception RIP: ttm_resource_manager_debug+0x11] RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246 RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940 RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000 RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000 R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm] #9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3 RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985 RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003 RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000 R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003 ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b CVE-2024-26940 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26940.html CVE-2024-26940 https://bugzilla.suse.com/1223718 SUSE Bug 1223718 In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure The kcalloc() in nouveau_dmem_evict_chunk() will return null if the physical memory has run out. As a result, if we dereference src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs will happen. Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, this patch switches kcalloc() to kvcalloc() in order to avoid failing allocations. CVE-2024-26943 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26943.html CVE-2024-26943 https://bugzilla.suse.com/1230527 SUSE Bug 1230527 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplay_table initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplay_table is NULL. CVE-2024-26949 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26949.html CVE-2024-26949 https://bugzilla.suse.com/1223665 SUSE Bug 1223665 In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers. CVE-2024-26950 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26950.html CVE-2024-26950 https://bugzilla.suse.com/1223661 SUSE Bug 1223661 In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), rather than setting peer_list to empty, the peer is added to a temporary list with a head on the stack of wg_peer_remove_all(). If a netlink dump is resumed and the cursored peer is one that has been removed via wg_peer_remove_all(), it will iterate from that peer and then attempt to dump freed peers. Fix this by instead checking peer->is_dead, which was explictly created for this purpose. Also move up the device_update_lock lockdep assertion, since reading is_dead relies on that. It can be reproduced by a small script like: echo "Setting config..." ip link add dev wg0 type wireguard wg setconf wg0 /big-config ( while true; do echo "Showing config..." wg showconf wg0 > /dev/null done ) & sleep 4 wg setconf wg0 <(printf "[Peer]\nPublicKey=$(wg genkey)\n") Resulting in: BUG: KASAN: slab-use-after-free in __lock_acquire+0x182a/0x1b20 Read of size 8 at addr ffff88811956ec70 by task wg/59 CPU: 2 PID: 59 Comm: wg Not tainted 6.8.0-rc2-debug+ #5 Call Trace: <TASK> dump_stack_lvl+0x47/0x70 print_address_description.constprop.0+0x2c/0x380 print_report+0xab/0x250 kasan_report+0xba/0xf0 __lock_acquire+0x182a/0x1b20 lock_acquire+0x191/0x4b0 down_read+0x80/0x440 get_peer+0x140/0xcb0 wg_get_device_dump+0x471/0x1130 CVE-2024-26951 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26951.html CVE-2024-26951 https://bugzilla.suse.com/1223660 SUSE Bug 1223660 In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debug kernel build revealed an use after free for the load field of the struct zcrypt_card. The reason was an incorrect reference handling of the zcrypt card object which could lead to a free of the zcrypt card object while it was still in use. This is an example of the slab message: kernel: 0x00000000885a7512-0x00000000885a7513 @offset=1298. First byte 0x68 instead of 0x6b kernel: Allocated in zcrypt_card_alloc+0x36/0x70 [zcrypt] age=18046 cpu=3 pid=43 kernel: kmalloc_trace+0x3f2/0x470 kernel: zcrypt_card_alloc+0x36/0x70 [zcrypt] kernel: zcrypt_cex4_card_probe+0x26/0x380 [zcrypt_cex4] kernel: ap_device_probe+0x15c/0x290 kernel: really_probe+0xd2/0x468 kernel: driver_probe_device+0x40/0xf0 kernel: __device_attach_driver+0xc0/0x140 kernel: bus_for_each_drv+0x8c/0xd0 kernel: __device_attach+0x114/0x198 kernel: bus_probe_device+0xb4/0xc8 kernel: device_add+0x4d2/0x6e0 kernel: ap_scan_adapter+0x3d0/0x7c0 kernel: ap_scan_bus+0x5a/0x3b0 kernel: ap_scan_bus_wq_callback+0x40/0x60 kernel: process_one_work+0x26e/0x620 kernel: worker_thread+0x21c/0x440 kernel: Freed in zcrypt_card_put+0x54/0x80 [zcrypt] age=9024 cpu=3 pid=43 kernel: kfree+0x37e/0x418 kernel: zcrypt_card_put+0x54/0x80 [zcrypt] kernel: ap_device_remove+0x4c/0xe0 kernel: device_release_driver_internal+0x1c4/0x270 kernel: bus_remove_device+0x100/0x188 kernel: device_del+0x164/0x3c0 kernel: device_unregister+0x30/0x90 kernel: ap_scan_adapter+0xc8/0x7c0 kernel: ap_scan_bus+0x5a/0x3b0 kernel: ap_scan_bus_wq_callback+0x40/0x60 kernel: process_one_work+0x26e/0x620 kernel: worker_thread+0x21c/0x440 kernel: kthread+0x150/0x168 kernel: __ret_from_fork+0x3c/0x58 kernel: ret_from_fork+0xa/0x30 kernel: Slab 0x00000372022169c0 objects=20 used=18 fp=0x00000000885a7c88 flags=0x3ffff00000000a00(workingset|slab|node=0|zone=1|lastcpupid=0x1ffff) kernel: Object 0x00000000885a74b8 @offset=1208 fp=0x00000000885a7c88 kernel: Redzone 00000000885a74b0: bb bb bb bb bb bb bb bb ........ kernel: Object 00000000885a74b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk kernel: Object 00000000885a74c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk kernel: Object 00000000885a74d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk kernel: Object 00000000885a74e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk kernel: Object 00000000885a74f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk kernel: Object 00000000885a7508: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 68 4b 6b 6b 6b a5 kkkkkkkkkkhKkkk. kernel: Redzone 00000000885a7518: bb bb bb bb bb bb bb bb ........ kernel: Padding 00000000885a756c: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ kernel: CPU: 0 PID: 387 Comm: systemd-udevd Not tainted 6.8.0-HF #2 kernel: Hardware name: IBM 3931 A01 704 (KVM/Linux) kernel: Call Trace: kernel: [<00000000ca5ab5b8>] dump_stack_lvl+0x90/0x120 kernel: [<00000000c99d78bc>] check_bytes_and_report+0x114/0x140 kernel: [<00000000c99d53cc>] check_object+0x334/0x3f8 kernel: [<00000000c99d820c>] alloc_debug_processing+0xc4/0x1f8 kernel: [<00000000c99d852e>] get_partial_node.part.0+0x1ee/0x3e0 kernel: [<00000000c99d94ec>] ___slab_alloc+0xaf4/0x13c8 kernel: [<00000000c99d9e38>] __slab_alloc.constprop.0+0x78/0xb8 kernel: [<00000000c99dc8dc>] __kmalloc+0x434/0x590 kernel: [<00000000c9b4c0ce>] ext4_htree_store_dirent+0x4e/0x1c0 kernel: [<00000000c9b908a2>] htree_dirblock_to_tree+0x17a/0x3f0 kernel: ---truncated--- CVE-2024-26957 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26957.html CVE-2024-26957 https://bugzilla.suse.com/1223666 SUSE Bug 1223666 In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. This may lead to use-after-free in case llsec_lookup_key() is traversing the list of keys in parallel with a key deletion: refcount_t: addition on 0; use-after-free. WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0 Modules linked in: CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0x162/0x2a0 Call Trace: <TASK> llsec_lookup_key.isra.0+0x890/0x9e0 mac802154_llsec_encrypt+0x30c/0x9c0 ieee802154_subif_start_xmit+0x24/0x1e0 dev_hard_start_xmit+0x13e/0x690 sch_direct_xmit+0x2ae/0xbc0 __dev_queue_xmit+0x11dd/0x3c20 dgram_sendmsg+0x90b/0xd60 __sys_sendto+0x466/0x4c0 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x45/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Also, ieee802154_llsec_key_entry structures are not freed by mac802154_llsec_key_del(): unreferenced object 0xffff8880613b6980 (size 64): comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s) hex dump (first 32 bytes): 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x......."....... 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................ backtrace: [<ffffffff81dcfa62>] __kmem_cache_alloc_node+0x1e2/0x2d0 [<ffffffff81c43865>] kmalloc_trace+0x25/0xc0 [<ffffffff88968b09>] mac802154_llsec_key_add+0xac9/0xcf0 [<ffffffff8896e41a>] ieee802154_add_llsec_key+0x5a/0x80 [<ffffffff8892adc6>] nl802154_add_llsec_key+0x426/0x5b0 [<ffffffff86ff293e>] genl_family_rcv_msg_doit+0x1fe/0x2f0 [<ffffffff86ff46d1>] genl_rcv_msg+0x531/0x7d0 [<ffffffff86fee7a9>] netlink_rcv_skb+0x169/0x440 [<ffffffff86ff1d88>] genl_rcv+0x28/0x40 [<ffffffff86fec15c>] netlink_unicast+0x53c/0x820 [<ffffffff86fecd8b>] netlink_sendmsg+0x93b/0xe60 [<ffffffff86b91b35>] ____sys_sendmsg+0xac5/0xca0 [<ffffffff86b9c3dd>] ___sys_sendmsg+0x11d/0x1c0 [<ffffffff86b9c65a>] __sys_sendmsg+0xfa/0x1d0 [<ffffffff88eadbf5>] do_syscall_64+0x45/0xf0 [<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 Handle the proper resource release in the RCU callback function mac802154_llsec_key_del_rcu(). Note that if llsec_lookup_key() finds a key, it gets a refcount via llsec_key_get() and locally copies key id from key_entry (which is a list element). So it's safe to call llsec_key_put() and free the list entry after the RCU grace period elapses. Found by Linux Verification Center (linuxtesting.org). CVE-2024-26961 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26961.html CVE-2024-26961 https://bugzilla.suse.com/1223652 SUSE Bug 1223652 In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in following cases reshape will never make progress hence IO will hang: 1) the array is read-only; 2) MD_RECOVERY_WAIT is set; 3) MD_RECOVERY_FROZEN is set; After commit c467e97f079f ("md/raid6: use valid sector values to determine if an I/O should wait on the reshape") fix the problem that IO across reshape position doesn't wait for reshape, the dm-raid test shell/lvconvert-raid-reshape.sh start to hang: [root@fedora ~]# cat /proc/979/stack [<0>] wait_woken+0x7d/0x90 [<0>] raid5_make_request+0x929/0x1d70 [raid456] [<0>] md_handle_request+0xc2/0x3b0 [md_mod] [<0>] raid_map+0x2c/0x50 [dm_raid] [<0>] __map_bio+0x251/0x380 [dm_mod] [<0>] dm_submit_bio+0x1f0/0x760 [dm_mod] [<0>] __submit_bio+0xc2/0x1c0 [<0>] submit_bio_noacct_nocheck+0x17f/0x450 [<0>] submit_bio_noacct+0x2bc/0x780 [<0>] submit_bio+0x70/0xc0 [<0>] mpage_readahead+0x169/0x1f0 [<0>] blkdev_readahead+0x18/0x30 [<0>] read_pages+0x7c/0x3b0 [<0>] page_cache_ra_unbounded+0x1ab/0x280 [<0>] force_page_cache_ra+0x9e/0x130 [<0>] page_cache_sync_ra+0x3b/0x110 [<0>] filemap_get_pages+0x143/0xa30 [<0>] filemap_read+0xdc/0x4b0 [<0>] blkdev_read_iter+0x75/0x200 [<0>] vfs_read+0x272/0x460 [<0>] ksys_read+0x7a/0x170 [<0>] __x64_sys_read+0x1c/0x30 [<0>] do_syscall_64+0xc6/0x230 [<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 This is because reshape can't make progress. For md/raid, the problem doesn't exist because register new sync_thread doesn't rely on the IO to be done any more: 1) If array is read-only, it can switch to read-write by ioctl/sysfs; 2) md/raid never set MD_RECOVERY_WAIT; 3) If MD_RECOVERY_FROZEN is set, mddev_suspend() doesn't hold 'reconfig_mutex', hence it can be cleared and reshape can continue by sysfs api 'sync_action'. However, I'm not sure yet how to avoid the problem in dm-raid yet. This patch on the one hand make sure raid_message() can't change sync_thread() through raid_message() after presuspend(), on the other hand detect the above 3 cases before wait for IO do be done in dm_suspend(), and let dm-raid requeue those IO. CVE-2024-26962 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26962.html CVE-2024-26962 https://bugzilla.suse.com/1223654 SUSE Bug 1223654 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtime suspended when .remove() is called. Do a pm_runtime_get_sync() to make sure module is active before doing any register operations. Doing a pm_runtime_put_sync() should disable the refclk so no need to disable it again. Fixes the below warning at module removel. [ 39.705310] ------------[ cut here ]------------ [ 39.710004] clk:162:3 already disabled [ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8 We called of_platform_populate() in .probe() so call the cleanup function of_platform_depopulate() in .remove(). Get rid of the now unnnecessary dwc3_ti_remove_core(). Without this, module re-load doesn't work properly. CVE-2024-26963 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26963.html CVE-2024-26963 https://bugzilla.suse.com/1223651 SUSE Bug 1223651 In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -ENOMEM if kzalloc returns null pointer. CVE-2024-26964 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26964.html CVE-2024-26964 https://bugzilla.suse.com/1223650 SUSE Bug 1223650 In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length. CVE-2024-26973 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26973.html CVE-2024-26973 https://bugzilla.suse.com/1223641 SUSE Bug 1223641 In the Linux kernel, the following vulnerability has been resolved: bootconfig: use memblock_free_late to free xbc memory to buddy On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ================================================================== CVE-2024-26983 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26983.html CVE-2024-26983 https://bugzilla.suse.com/1223637 SUSE Bug 1223637 In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 8000000114e6e067 P4D 8000000114e6e067 PUD 109046067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 53891 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27 Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021 RIP: 0010:gp100_vmm_pgt_mem+0xe3/0x180 [nouveau] Code: c7 48 01 c8 49 89 45 58 85 d2 0f 84 95 00 00 00 41 0f b7 46 12 49 8b 7e 08 89 da 42 8d 2c f8 48 8b 47 08 41 83 c7 01 48 89 ee <48> 8b 40 08 ff d0 0f 1f 00 49 8b 7e 08 48 89 d9 48 8d 75 04 48 c1 RSP: 0000:ffffac20c5857838 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 00000000004d8001 RCX: 0000000000000001 RDX: 00000000004d8001 RSI: 00000000000006d8 RDI: ffffa07afe332180 RBP: 00000000000006d8 R08: ffffac20c5857ad0 R09: 0000000000ffff10 R10: 0000000000000001 R11: ffffa07af27e2de0 R12: 000000000000001c R13: ffffac20c5857ad0 R14: ffffa07a96fe9040 R15: 000000000000001c FS: 00007fe395eed7c0(0000) GS:ffffa07e2c980000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000011febe001 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ... ? gp100_vmm_pgt_mem+0xe3/0x180 [nouveau] ? gp100_vmm_pgt_mem+0x37/0x180 [nouveau] nvkm_vmm_iter+0x351/0xa20 [nouveau] ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau] ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau] ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau] ? __lock_acquire+0x3ed/0x2170 ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau] nvkm_vmm_ptes_get_map+0xc2/0x100 [nouveau] ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau] ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau] nvkm_vmm_map_locked+0x224/0x3a0 [nouveau] Adding any sort of useful debug usually makes it go away, so I hand wrote the function in a line, and debugged the asm. Every so often pt->memory->ptrs is NULL. This ptrs ptr is set in the nv50_instobj_acquire called from nvkm_kmap. If Thread A and Thread B both get to nv50_instobj_acquire around the same time, and Thread A hits the refcount_set line, and in lockstep thread B succeeds at refcount_inc_not_zero, there is a chance the ptrs value won't have been stored since refcount_set is unordered. Force a memory barrier here, I picked smp_mb, since we want it on all CPUs and it's write followed by a read. v2: use paired smp_rmb/smp_wmb. CVE-2024-26984 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26984.html CVE-2024-26984 https://bugzilla.suse.com/1223633 SUSE Bug 1223633 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handling code path that is triggered when attempting to create KFD processes while a GPU reset is in progress. CVE-2024-26986 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26986.html CVE-2024-26986 https://bugzilla.suse.com/1223728 SUSE Bug 1223728 In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extra_command_line and command_line, rather than extra_command_line and boot_command_line. When strlen(command_line) > strlen(boot_command_line), static_command_line will overflow. This patch just recovers strlen(command_line) which was miss-consolidated with strlen(boot_command_line) in the commit f5c7310ac73e ("init/main: add checks for the return value of memblock_alloc*()") CVE-2024-26988 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26988.html CVE-2024-26988 https://bugzilla.suse.com/1223747 SUSE Bug 1223747 In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsusp_save() On arm64 machines, swsusp_save() faults if it attempts to access MEMBLOCK_NOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off debug_pagealloc=off and CONFIG_KFENCE=n: Unable to handle kernel paging request at virtual address ffffff8000000000 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x07: level 3 translation fault Data abort info: ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000eeb0b000 [ffffff8000000000] pgd=180000217fff9803, p4d=180000217fff9803, pud=180000217fff9803, pmd=180000217fff8803, pte=0000000000000000 Internal error: Oops: 0000000096000007 [#1] SMP Internal error: Oops: 0000000096000007 [#1] SMP Modules linked in: xt_multiport ipt_REJECT nf_reject_ipv4 xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_filter bpfilter rfkill at803x snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg dwmac_generic stmmac_platform snd_hda_codec stmmac joydev pcs_xpcs snd_hda_core phylink ppdev lp parport ramoops reed_solomon ip_tables x_tables nls_iso8859_1 vfat multipath linear amdgpu amdxcp drm_exec gpu_sched drm_buddy hid_generic usbhid hid radeon video drm_suballoc_helper drm_ttm_helper ttm i2c_algo_bit drm_display_helper cec drm_kms_helper drm CPU: 0 PID: 3663 Comm: systemd-sleep Not tainted 6.6.2+ #76 Source Version: 4e22ed63a0a48e7a7cff9b98b7806d8d4add7dc0 Hardware name: Greatwall GW-XXXXXX-XXX/GW-XXXXXX-XXX, BIOS KunLun BIOS V4.0 01/19/2021 pstate: 600003c5 (nZCv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : swsusp_save+0x280/0x538 lr : swsusp_save+0x280/0x538 sp : ffffffa034a3fa40 x29: ffffffa034a3fa40 x28: ffffff8000001000 x27: 0000000000000000 x26: ffffff8001400000 x25: ffffffc08113e248 x24: 0000000000000000 x23: 0000000000080000 x22: ffffffc08113e280 x21: 00000000000c69f2 x20: ffffff8000000000 x19: ffffffc081ae2500 x18: 0000000000000000 x17: 6666662074736420 x16: 3030303030303030 x15: 3038666666666666 x14: 0000000000000b69 x13: ffffff9f89088530 x12: 00000000ffffffea x11: 00000000ffff7fff x10: 00000000ffff7fff x9 : ffffffc08193f0d0 x8 : 00000000000bffe8 x7 : c0000000ffff7fff x6 : 0000000000000001 x5 : ffffffa0fff09dc8 x4 : 0000000000000000 x3 : 0000000000000027 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 000000000000004e Call trace: swsusp_save+0x280/0x538 swsusp_arch_suspend+0x148/0x190 hibernation_snapshot+0x240/0x39c hibernate+0xc4/0x378 state_store+0xf0/0x10c kobj_attr_store+0x14/0x24 The reason is swsusp_save() -> copy_data_pages() -> page_is_saveable() -> kernel_page_present() assuming that a page is always present when can_set_direct_map() is false (all of rodata_full, debug_pagealloc_enabled() and arm64_kfence_can_set_direct_map() false), irrespective of the MEMBLOCK_NOMAP ranges. Such MEMBLOCK_NOMAP regions should not be saved during hibernation. This problem was introduced by changes to the pfn_valid() logic in commit a7d9f306ba70 ("arm64: drop pfn_valid_within() and simplify pfn_valid()"). Similar to other architectures, drop the !can_set_direct_map() check in kernel_page_present() so that page_is_savable() skips such pages. [catalin.marinas@arm.com: rework commit message] CVE-2024-26989 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26989.html CVE-2024-26989 https://bugzilla.suse.com/1223748 SUSE Bug 1223748 In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word (> 256 characters), we have to stop before the length of the word buffer. CVE-2024-26994 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26994.html CVE-2024-26994 https://bugzilla.suse.com/1223750 SUSE Bug 1223750 In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pd_set Off-by-one errors happen because nr_snk_pdo and nr_src_pdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it doesn't need to be added one. When doing the power negotiation, TCPM relies on the "nr_snk_pdo" as the size of the local sink PDO array to match the Source capabilities of the partner port. If the off-by-one overflow occurs, a wrong RDO might be sent and unexpected power transfer might happen such as over voltage or over current (than expected). "nr_src_pdo" is used to set the Rp level when the port is in Source role. It is also the array size of the local Source capabilities when filling up the buffer which will be sent as the Source PDOs (such as in Power Negotiation). If the off-by-one overflow occurs, a wrong Rp level might be set and wrong Source PDOs will be sent to the partner port. This could potentially cause over current or port resets. CVE-2024-26995 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26995.html CVE-2024-26995 https://bugzilla.suse.com/1223696 SUSE Bug 1223696 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down, eth_stop() is called. At this piont, accidentally if usb transport error should happen in usb_ep_enable(), 'in_ep' and/or 'out_ep' may not be enabled. After that, ncm_disable() is called to disable for ncm unbind but gether_disconnect() is never called since 'in_ep' is not enabled. As the result, ncm object is released in ncm unbind but 'dev->port_usb' associated to 'ncm->port' is not NULL. And when ncm bind again to recover netdev, ncm object is reallocated but usb0 interface is already associated to previous released ncm object. Therefore, once usb0 interface is up and eth_start_xmit() is called, released ncm object is dereferrenced and it might cause use-after-free memory. [function unlink via configfs] usb0: eth_stop dev->port_usb=ffffff9b179c3200 --> error happens in usb_ep_enable(). NCM: ncm_disable: ncm=ffffff9b179c3200 --> no gether_disconnect() since ncm->port.in_ep->enabled is false. NCM: ncm_unbind: ncm unbind ncm=ffffff9b179c3200 NCM: ncm_free: ncm free ncm=ffffff9b179c3200 <-- released ncm [function link via configfs] NCM: ncm_alloc: ncm alloc ncm=ffffff9ac4f8a000 NCM: ncm_bind: ncm bind ncm=ffffff9ac4f8a000 NCM: ncm_set_alt: ncm=ffffff9ac4f8a000 alt=0 usb0: eth_open dev->port_usb=ffffff9b179c3200 <-- previous released ncm usb0: eth_start dev->port_usb=ffffff9b179c3200 <-- eth_start_xmit() --> dev->wrap() Unable to handle kernel paging request at virtual address dead00000000014f This patch addresses the issue by checking if 'ncm->netdev' is not NULL at ncm_disable() to call gether_disconnect() to deassociate 'dev->port_usb'. It's more reasonable to check 'ncm->netdev' to call gether_connect/disconnect rather than check 'ncm->port.in_ep->enabled' since it might not be enabled but the gether connection might be established. CVE-2024-26996 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26996.html CVE-2024-26996 https://bugzilla.suse.com/1223752 SUSE Bug 1223752 In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host: Fix dereference issue in DDMA completion flow. Fixed variable dereference issue in DDMA completion flow. CVE-2024-26997 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26997.html CVE-2024-26997 https://bugzilla.suse.com/1223741 SUSE Bug 1223741 In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as a serial console: ttyPZ0: pmz: rx irq flood ! BUG: spinlock recursion on CPU#0, swapper/0 That's because the pr_err() call in pmz_receive_chars() results in pmz_console_write() attempting to lock a spinlock already locked in pmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal BUG splat. The spinlock in question is the one in struct uart_port. Even when it's not fatal, the serial port rx function ceases to work. Also, the iteration limit doesn't play nicely with QEMU, as can be seen in the bug report linked below. A web search for other reports of the error message "pmz: rx irq flood" didn't produce anything. So I don't think this code is needed any more. Remove it. CVE-2024-26999 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-26999.html CVE-2024-26999 https://bugzilla.suse.com/1223754 SUSE Bug 1223754 In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uart_handle_cts_change() function in serial_core expects the caller to hold uport->lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded on an i.MX28 board. [ 85.119255] ------------[ cut here ]------------ [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1 [ 85.151396] Hardware name: Freescale MXS (Device Tree) [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth] (...) [ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4 [ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210 (...) CVE-2024-27000 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27000.html CVE-2024-27000 https://bugzilla.suse.com/1223757 SUSE Bug 1223757 In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall through the cracks. Depending on the hardware model, URBs can have either bulk or interrupt type, and current version of vmk80xx_find_usb_endpoints() function does not take that fully into account. While this warning does not seem to be too harmful, at the very least it will crash systems with 'panic_on_warn' set on them. Fix the issue found by Syzkaller [1] by somewhat simplifying the endpoint checking process with usb_find_common_endpoints() and ensuring that only expected endpoint types are present. This patch has not been tested on real hardware. [1] Syzkaller report: usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... Call Trace: <TASK> usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59 vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline] vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818 comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067 usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399 ... Similar issue also found by Syzkaller: CVE-2024-27001 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27001.html CVE-2024-27001 https://bugzilla.suse.com/1223698 SUSE Bug 1223698 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_lock genpd_power_off_work_fn() genpd_lock() generic_pm_domain::power_off() clk_unprepare() clk_prepare_lock() CPU1: clk_prepare_lock --> genpd_lock clk_register() __clk_core_init() clk_prepare_lock() clk_pm_runtime_get() genpd_lock() Do a runtime PM get at the probe function to make sure clk_register() won't acquire the genpd lock. Instead of only modifying mt8183-mfgcfg, do this on all mediatek clock controller probings because we don't believe this would cause any regression. Verified on MT8183 and MT8192 Chromebooks. CVE-2024-27002 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27002.html CVE-2024-27002 https://bugzilla.suse.com/1223759 SUSE Bug 1223759 In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clk_summary Similar to the previous commit, we should make sure that all devices are runtime resumed before printing the clk_summary through debugfs. Failure to do so would result in a deadlock if the thread is resuming a device to print clk state and that device is also runtime resuming in another thread, e.g the screen is turning on and the display driver is starting up. We remove the calls to clk_pm_runtime_{get,put}() in this path because they're superfluous now that we know the devices are runtime resumed. This also squashes a bug where the return value of clk_pm_runtime_get() wasn't checked, leading to an RPM count underflow on error paths. CVE-2024-27003 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27003.html CVE-2024-27003 https://bugzilla.suse.com/1223761 SUSE Bug 1223761 In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008 Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c rpm_resume+0xe0/0x52c rpm_resume+0x178/0x52c __pm_runtime_resume+0x58/0x98 clk_pm_runtime_get+0x30/0xb0 clk_disable_unused_subtree+0x58/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused+0x4c/0xe4 do_one_initcall+0xcc/0x2d8 do_initcall_level+0xa4/0x148 do_initcalls+0x5c/0x9c do_basic_setup+0x24/0x30 kernel_init_freeable+0xec/0x164 kernel_init+0x28/0x120 ret_from_fork+0x10/0x20 INFO: task kworker/u16:0:9 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008 Workqueue: events_unbound deferred_probe_work_func Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c schedule_preempt_disabled+0x2c/0x48 __mutex_lock+0x238/0x488 __mutex_lock_slowpath+0x1c/0x28 mutex_lock+0x50/0x74 clk_prepare_lock+0x7c/0x9c clk_core_prepare_lock+0x20/0x44 clk_prepare+0x24/0x30 clk_bulk_prepare+0x40/0xb0 mdss_runtime_resume+0x54/0x1c8 pm_generic_runtime_resume+0x30/0x44 __genpd_runtime_resume+0x68/0x7c genpd_runtime_resume+0x108/0x1f4 __rpm_callback+0x84/0x144 rpm_callback+0x30/0x88 rpm_resume+0x1f4/0x52c rpm_resume+0x178/0x52c __pm_runtime_resume+0x58/0x98 __device_attach+0xe0/0x170 device_initial_probe+0x1c/0x28 bus_probe_device+0x3c/0x9c device_add+0x644/0x814 mipi_dsi_device_register_full+0xe4/0x170 devm_mipi_dsi_device_register_full+0x28/0x70 ti_sn_bridge_probe+0x1dc/0x2c0 auxiliary_bus_probe+0x4c/0x94 really_probe+0xcc/0x2c8 __driver_probe_device+0xa8/0x130 driver_probe_device+0x48/0x110 __device_attach_driver+0xa4/0xcc bus_for_each_drv+0x8c/0xd8 __device_attach+0xf8/0x170 device_initial_probe+0x1c/0x28 bus_probe_device+0x3c/0x9c deferred_probe_work_func+0x9c/0xd8 process_one_work+0x148/0x518 worker_thread+0x138/0x350 kthread+0x138/0x1e0 ret_from_fork+0x10/0x20 The first thread is walking the clk tree and calling clk_pm_runtime_get() to power on devices required to read the clk hardware via struct clk_ops::is_enabled(). This thread holds the clk prepare_lock, and is trying to runtime PM resume a device, when it finds that the device is in the process of resuming so the thread schedule()s away waiting for the device to finish resuming before continuing. The second thread is runtime PM resuming the same device, but the runtime resume callback is calling clk_prepare(), trying to grab the prepare_lock waiting on the first thread. This is a classic ABBA deadlock. To properly fix the deadlock, we must never runtime PM resume or suspend a device with the clk prepare_lock held. Actually doing that is near impossible today because the global prepare_lock would have to be dropped in the middle of the tree, the device runtime PM resumed/suspended, and then the prepare_lock grabbed again to ensure consistency of the clk tree topology. If anything changes with the clk tree in the meantime, we've lost and will need to start the operation all over again. Luckily, most of the time we're simply incrementing or decrementing the runtime PM count on an active device, so we don't have the chance to schedule away with the prepare_lock held. Let's fix this immediate problem that can be ---truncated--- CVE-2024-27004 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27004.html CVE-2024-27004 https://bugzilla.suse.com/1223762 SUSE Bug 1223762 In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-27008 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27008.html CVE-2024-27008 https://bugzilla.suse.com/1223802 SUSE Bug 1223802 In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_xa_ref_*_del() for multiple registrations Currently, if there are multiple registrations of the same pin on the same dpll device, following warnings are observed: WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpll_core.c:143 dpll_xa_ref_pin_del.isra.0+0x21e/0x230 WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpll_core.c:223 __dpll_pin_unregister+0x2b3/0x2c0 The problem is, that in both dpll_xa_ref_dpll_del() and dpll_xa_ref_pin_del() registration is only removed from list in case the reference count drops to zero. That is wrong, the registration has to be removed always. To fix this, remove the registration from the list and free it unconditionally, instead of doing it only when the ref reference counter reaches zero. CVE-2024-27027 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27027.html CVE-2024-27027 https://bugzilla.suse.com/1223787 SUSE Bug 1223787 In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler The TX buffer in spi_transfer can be a NULL pointer, so the interrupt handler may end up writing to the invalid memory and cause crashes. Add a check to trans->tx_buf before using it. CVE-2024-27028 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27028.html CVE-2024-27028 https://bugzilla.suse.com/1223788 SUSE Bug 1223788 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mmhub client id out-of-bounds access Properly handle cid 0x140. CVE-2024-27029 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27029.html CVE-2024-27029 https://bugzilla.suse.com/1223789 SUSE Bug 1223789 https://bugzilla.suse.com/1226184 SUSE Bug 1226184 In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two CPUs at same time then two cores serve same event corrupting the data. CVE-2024-27030 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27030.html CVE-2024-27030 https://bugzilla.suse.com/1223790 SUSE Bug 1223790 In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not safe though since after taking xa_lock, another page in the mapping could be processed for writeback inside an interrupt, and deadlock can occur. The fix is simple and clean if we use xa_for_each_range(), which handles the iteration with RCU while reducing code complexity. The problem is easily reproduced with the following test: mount -o vers=3,fsc 127.0.0.1:/export /mnt/nfs dd if=/dev/zero of=/mnt/nfs/file1.bin bs=4096 count=1 echo 3 > /proc/sys/vm/drop_caches dd if=/mnt/nfs/file1.bin of=/dev/null umount /mnt/nfs On the console with a lockdep-enabled kernel a message similar to the following will be seen: ================================ WARNING: inconsistent lock state 6.7.0-lockdbg+ #10 Not tainted -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. test5/1708 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff888127baa598 (&xa->xa_lock#4){+.?.}-{3:3}, at: nfs_netfs_issue_read+0x1b2/0x4b0 [nfs] {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x144/0x380 _raw_spin_lock_irqsave+0x4e/0xa0 __folio_end_writeback+0x17e/0x5c0 folio_end_writeback+0x93/0x1b0 iomap_finish_ioend+0xeb/0x6a0 blk_update_request+0x204/0x7f0 blk_mq_end_request+0x30/0x1c0 blk_complete_reqs+0x7e/0xa0 __do_softirq+0x113/0x544 __irq_exit_rcu+0xfe/0x120 irq_exit_rcu+0xe/0x20 sysvec_call_function_single+0x6f/0x90 asm_sysvec_call_function_single+0x1a/0x20 pv_native_safe_halt+0xf/0x20 default_idle+0x9/0x20 default_idle_call+0x67/0xa0 do_idle+0x2b5/0x300 cpu_startup_entry+0x34/0x40 start_secondary+0x19d/0x1c0 secondary_startup_64_no_verify+0x18f/0x19b irq event stamp: 176891 hardirqs last enabled at (176891): [<ffffffffa67a0be4>] _raw_spin_unlock_irqrestore+0x44/0x60 hardirqs last disabled at (176890): [<ffffffffa67a0899>] _raw_spin_lock_irqsave+0x79/0xa0 softirqs last enabled at (176646): [<ffffffffa515d91e>] __irq_exit_rcu+0xfe/0x120 softirqs last disabled at (176633): [<ffffffffa515d91e>] __irq_exit_rcu+0xfe/0x120 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&xa->xa_lock#4); <Interrupt> lock(&xa->xa_lock#4); *** DEADLOCK *** 2 locks held by test5/1708: #0: ffff888127baa498 (&sb->s_type->i_mutex_key#22){++++}-{4:4}, at: nfs_start_io_read+0x28/0x90 [nfs] #1: ffff888127baa650 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0xa4/0x280 stack backtrace: CPU: 6 PID: 1708 Comm: test5 Kdump: loaded Not tainted 6.7.0-lockdbg+ Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Call Trace: dump_stack_lvl+0x5b/0x90 mark_lock+0xb3f/0xd20 __lock_acquire+0x77b/0x3360 _raw_spin_lock+0x34/0x80 nfs_netfs_issue_read+0x1b2/0x4b0 [nfs] netfs_begin_read+0x77f/0x980 [netfs] nfs_netfs_readahead+0x45/0x60 [nfs] nfs_readahead+0x323/0x5a0 [nfs] read_pages+0xf3/0x5c0 page_cache_ra_unbounded+0x1c8/0x280 filemap_get_pages+0x38c/0xae0 filemap_read+0x206/0x5e0 nfs_file_read+0xb7/0x140 [nfs] vfs_read+0x2a9/0x460 ksys_read+0xb7/0x140 CVE-2024-27031 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27031.html CVE-2024-27031 https://bugzilla.suse.com/1223805 SUSE Bug 1223805 In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null pointer dereference bugs will happen. This patch adds a check to judge whether allocation failure occurs. If it happens, the delayed work will be rescheduled and try again. CVE-2024-27046 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27046.html CVE-2024-27046 https://bugzilla.suse.com/1223827 SUSE Bug 1223827 In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend When the system is suspended while audio is active, the sof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during suspend the DSP is turned off, streams will be re-started after resume. If the firmware crashes during while audio is running (or when we reset the stream before suspend) then the sof_ipc4_set_multi_pipeline_state() will fail with IPC error and the state change is interrupted. This will cause misalignment between the kernel and firmware state on next DSP boot resulting errors returned by firmware for IPC messages, eventually failing the audio resume. On stream close the errors are ignored so the kernel state will be corrected on the next DSP boot, so the second boot after the DSP panic. If sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then state parameter is SOF_IPC4_PIPE_RESET and only in this case. Treat a forced pipeline reset similarly to how we treat a pcm_free by ignoring error on state sending to allow the kernel's state to be consistent with the state the firmware will have after the next boot. CVE-2024-27057 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27057.html CVE-2024-27057 https://bugzilla.suse.com/1223831 SUSE Bug 1223831 In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI [ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27 [ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021 [ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau] [ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 <48> 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe [ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206 [ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58 [ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400 [ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000 [ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0 [ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007 [ 4562.099528] FS: 00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000 [ 4562.099534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0 [ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4562.099544] Call Trace: [ 4562.099555] <TASK> [ 4562.099573] ? die_addr+0x36/0x90 [ 4562.099583] ? exc_general_protection+0x246/0x4a0 [ 4562.099593] ? asm_exc_general_protection+0x26/0x30 [ 4562.099600] ? nvkm_object_search+0x1d/0x70 [nouveau] [ 4562.099730] nvkm_ioctl+0xa1/0x250 [nouveau] [ 4562.099861] nvif_object_map_handle+0xc8/0x180 [nouveau] [ 4562.099986] nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau] [ 4562.100156] ? dma_resv_test_signaled+0x26/0xb0 [ 4562.100163] ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm] [ 4562.100182] ? __mutex_unlock_slowpath+0x2a/0x270 [ 4562.100189] nouveau_ttm_fault+0x69/0xb0 [nouveau] [ 4562.100356] __do_fault+0x32/0x150 [ 4562.100362] do_fault+0x7c/0x560 [ 4562.100369] __handle_mm_fault+0x800/0xc10 [ 4562.100382] handle_mm_fault+0x17c/0x3e0 [ 4562.100388] do_user_addr_fault+0x208/0x860 [ 4562.100395] exc_page_fault+0x7f/0x200 [ 4562.100402] asm_exc_page_fault+0x26/0x30 [ 4562.100412] RIP: 0033:0x9b9870 [ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 <44> 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7 [ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246 [ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000 [ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066 [ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000 [ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff [ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 4562.100446] </TASK> [ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink ---truncated--- CVE-2024-27062 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27062.html CVE-2024-27062 https://bugzilla.suse.com/1223834 SUSE Bug 1223834 In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN() when unbinding an event channel When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN() in the handler. Avoid that by adding an "unbinding" flag to struct user_event which will short circuit the handler. CVE-2024-27067 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27067.html CVE-2024-27067 https://bugzilla.suse.com/1223739 SUSE Bug 1223739 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when detecting delalloc ranges during fiemap For fiemap we recently stopped locking the target extent range for the whole duration of the fiemap call, in order to avoid a deadlock in a scenario where the fiemap buffer happens to be a memory mapped range of the same file. This use case is very unlikely to be useful in practice but it may be triggered by fuzz testing (syzbot, etc). This however introduced a race that makes us miss delalloc ranges for file regions that are currently holes, so the caller of fiemap will not be aware that there's data for some file regions. This can be quite serious for some use cases - for example in coreutils versions before 9.0, the cp program used fiemap to detect holes and data in the source file, copying only regions with data (extents or delalloc) from the source file to the destination file in order to preserve holes (see the documentation for its --sparse command line option). This means that if cp was used with a source file that had delalloc in a hole, the destination file could end up without that data, which is effectively a data loss issue, if it happened to hit the race described below. The race happens like this: 1) Fiemap is called, without the FIEMAP_FLAG_SYNC flag, for a file that has delalloc in the file range [64M, 65M[, which is currently a hole; 2) Fiemap locks the inode in shared mode, then starts iterating the inode's subvolume tree searching for file extent items, without having the whole fiemap target range locked in the inode's io tree - the change introduced recently by commit b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent locking"). It only locks ranges in the io tree when it finds a hole or prealloc extent since that commit; 3) Note that fiemap clones each leaf before using it, and this is to avoid deadlocks when locking a file range in the inode's io tree and the fiemap buffer is memory mapped to some file, because writing to the page with btrfs_page_mkwrite() will wait on any ordered extent for the page's range and the ordered extent needs to lock the range and may need to modify the same leaf, therefore leading to a deadlock on the leaf; 4) While iterating the file extent items in the cloned leaf before finding the hole in the range [64M, 65M[, the delalloc in that range is flushed and its ordered extent completes - meaning the corresponding file extent item is in the inode's subvolume tree, but not present in the cloned leaf that fiemap is iterating over; 5) When fiemap finds the hole in the [64M, 65M[ range by seeing the gap in the cloned leaf (or a file extent item with disk_bytenr == 0 in case the NO_HOLES feature is not enabled), it will lock that file range in the inode's io tree and then search for delalloc by checking for the EXTENT_DELALLOC bit in the io tree for that range and ordered extents (with btrfs_find_delalloc_in_range()). But it finds nothing since the delalloc in that range was already flushed and the ordered extent completed and is gone - as a result fiemap will not report that there's delalloc or an extent for the range [64M, 65M[, so user space will be mislead into thinking that there's a hole in that range. This could actually be sporadically triggered with test case generic/094 from fstests, which reports a missing extent/delalloc range like this: generic/094 2s ... - output mismatch (see /home/fdmanana/git/hub/xfstests/results//generic/094.out.bad) --- tests/generic/094.out 2020-06-10 19:29:03.830519425 +0100 +++ /home/fdmanana/git/hub/xfstests/results//generic/094.out.bad 2024-02-28 11:00:00.381071525 +0000 @@ -1,3 +1,9 @@ QA output created by 094 fiemap run with sync fiemap run without sync +ERROR: couldn't find extent at 7 +map is 'HHDDHPPDPHPH' +logical: [ 5.. 6] phys: ---truncated--- CVE-2024-27080 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27080.html CVE-2024-27080 https://bugzilla.suse.com/1223782 SUSE Bug 1223782 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths. CVE-2024-27388 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27388.html CVE-2024-27388 https://bugzilla.suse.com/1223744 SUSE Bug 1223744 In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only d_invalidate() is needed Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410 Using the combo of d_drop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use d_invalidate() and update the code to not bother checking for error codes that can never happen. --- CVE-2024-27389 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27389.html CVE-2024-27389 https://bugzilla.suse.com/1223705 SUSE Bug 1223705 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to use the timestamp, this avoids that an element expires while control plane transaction is still unfinished. .lookup and .update, which are used from packet path, still use the current time to check if the element has expired. And .get path and dump also since this runs lockless under rcu read size lock. Then, there is async gc which also needs to check the current time since it runs asynchronously from a workqueue. CVE-2024-27397 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27397.html CVE-2024-27397 https://bugzilla.suse.com/1224095 SUSE Bug 1224095 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock will be deallocated later, but it is dereferenced again in sco_sock_timeout. As a result, the use-after-free bugs will happen. The root cause is shown below: Cleanup Thread | Worker Thread sco_sock_release | sco_sock_close | __sco_sock_close | sco_sock_set_timer | schedule_delayed_work | sco_sock_kill | (wait a time) sock_put(sk) //FREE | sco_sock_timeout | sock_hold(sk) //USE The KASAN report triggered by POC is shown below: [ 95.890016] ================================================================== [ 95.890496] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x5e/0x1c0 [ 95.890755] Write of size 4 at addr ffff88800c388080 by task kworker/0:0/7 ... [ 95.890755] Workqueue: events sco_sock_timeout [ 95.890755] Call Trace: [ 95.890755] <TASK> [ 95.890755] dump_stack_lvl+0x45/0x110 [ 95.890755] print_address_description+0x78/0x390 [ 95.890755] print_report+0x11b/0x250 [ 95.890755] ? __virt_addr_valid+0xbe/0xf0 [ 95.890755] ? sco_sock_timeout+0x5e/0x1c0 [ 95.890755] kasan_report+0x139/0x170 [ 95.890755] ? update_load_avg+0xe5/0x9f0 [ 95.890755] ? sco_sock_timeout+0x5e/0x1c0 [ 95.890755] kasan_check_range+0x2c3/0x2e0 [ 95.890755] sco_sock_timeout+0x5e/0x1c0 [ 95.890755] process_one_work+0x561/0xc50 [ 95.890755] worker_thread+0xab2/0x13c0 [ 95.890755] ? pr_cont_work+0x490/0x490 [ 95.890755] kthread+0x279/0x300 [ 95.890755] ? pr_cont_work+0x490/0x490 [ 95.890755] ? kthread_blkcg+0xa0/0xa0 [ 95.890755] ret_from_fork+0x34/0x60 [ 95.890755] ? kthread_blkcg+0xa0/0xa0 [ 95.890755] ret_from_fork_asm+0x11/0x20 [ 95.890755] </TASK> [ 95.890755] [ 95.890755] Allocated by task 506: [ 95.890755] kasan_save_track+0x3f/0x70 [ 95.890755] __kasan_kmalloc+0x86/0x90 [ 95.890755] __kmalloc+0x17f/0x360 [ 95.890755] sk_prot_alloc+0xe1/0x1a0 [ 95.890755] sk_alloc+0x31/0x4e0 [ 95.890755] bt_sock_alloc+0x2b/0x2a0 [ 95.890755] sco_sock_create+0xad/0x320 [ 95.890755] bt_sock_create+0x145/0x320 [ 95.890755] __sock_create+0x2e1/0x650 [ 95.890755] __sys_socket+0xd0/0x280 [ 95.890755] __x64_sys_socket+0x75/0x80 [ 95.890755] do_syscall_64+0xc4/0x1b0 [ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 95.890755] [ 95.890755] Freed by task 506: [ 95.890755] kasan_save_track+0x3f/0x70 [ 95.890755] kasan_save_free_info+0x40/0x50 [ 95.890755] poison_slab_object+0x118/0x180 [ 95.890755] __kasan_slab_free+0x12/0x30 [ 95.890755] kfree+0xb2/0x240 [ 95.890755] __sk_destruct+0x317/0x410 [ 95.890755] sco_sock_release+0x232/0x280 [ 95.890755] sock_close+0xb2/0x210 [ 95.890755] __fput+0x37f/0x770 [ 95.890755] task_work_run+0x1ae/0x210 [ 95.890755] get_signal+0xe17/0xf70 [ 95.890755] arch_do_signal_or_restart+0x3f/0x520 [ 95.890755] syscall_exit_to_user_mode+0x55/0x120 [ 95.890755] do_syscall_64+0xd1/0x1b0 [ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 95.890755] [ 95.890755] The buggy address belongs to the object at ffff88800c388000 [ 95.890755] which belongs to the cache kmalloc-1k of size 1024 [ 95.890755] The buggy address is located 128 bytes inside of [ 95.890755] freed 1024-byte region [ffff88800c388000, ffff88800c388400) [ 95.890755] [ 95.890755] The buggy address belongs to the physical page: [ 95.890755] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800 pfn:0xc388 [ 95.890755] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 95.890755] ano ---truncated--- CVE-2024-27398 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27398.html CVE-2024-27398 https://bugzilla.suse.com/1224174 SUSE Bug 1224174 https://bugzilla.suse.com/1225013 SUSE Bug 1225013 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be set to null. But the conn could be dereferenced again in the mutex_lock() of l2cap_chan_timeout(). As a result the null pointer dereference bug will happen. The KASAN report triggered by POC is shown below: [ 472.074580] ================================================================== [ 472.075284] BUG: KASAN: null-ptr-deref in mutex_lock+0x68/0xc0 [ 472.075308] Write of size 8 at addr 0000000000000158 by task kworker/0:0/7 [ 472.075308] [ 472.075308] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.9.0-rc5-00356-g78c0094a146b #36 [ 472.075308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4 [ 472.075308] Workqueue: events l2cap_chan_timeout [ 472.075308] Call Trace: [ 472.075308] <TASK> [ 472.075308] dump_stack_lvl+0x137/0x1a0 [ 472.075308] print_report+0x101/0x250 [ 472.075308] ? __virt_addr_valid+0x77/0x160 [ 472.075308] ? mutex_lock+0x68/0xc0 [ 472.075308] kasan_report+0x139/0x170 [ 472.075308] ? mutex_lock+0x68/0xc0 [ 472.075308] kasan_check_range+0x2c3/0x2e0 [ 472.075308] mutex_lock+0x68/0xc0 [ 472.075308] l2cap_chan_timeout+0x181/0x300 [ 472.075308] process_one_work+0x5d2/0xe00 [ 472.075308] worker_thread+0xe1d/0x1660 [ 472.075308] ? pr_cont_work+0x5e0/0x5e0 [ 472.075308] kthread+0x2b7/0x350 [ 472.075308] ? pr_cont_work+0x5e0/0x5e0 [ 472.075308] ? kthread_blkcg+0xd0/0xd0 [ 472.075308] ret_from_fork+0x4d/0x80 [ 472.075308] ? kthread_blkcg+0xd0/0xd0 [ 472.075308] ret_from_fork_asm+0x11/0x20 [ 472.075308] </TASK> [ 472.075308] ================================================================== [ 472.094860] Disabling lock debugging due to kernel taint [ 472.096136] BUG: kernel NULL pointer dereference, address: 0000000000000158 [ 472.096136] #PF: supervisor write access in kernel mode [ 472.096136] #PF: error_code(0x0002) - not-present page [ 472.096136] PGD 0 P4D 0 [ 472.096136] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 472.096136] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G B 6.9.0-rc5-00356-g78c0094a146b #36 [ 472.096136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4 [ 472.096136] Workqueue: events l2cap_chan_timeout [ 472.096136] RIP: 0010:mutex_lock+0x88/0xc0 [ 472.096136] Code: be 08 00 00 00 e8 f8 23 1f fd 4c 89 f7 be 08 00 00 00 e8 eb 23 1f fd 42 80 3c 23 00 74 08 48 88 [ 472.096136] RSP: 0018:ffff88800744fc78 EFLAGS: 00000246 [ 472.096136] RAX: 0000000000000000 RBX: 1ffff11000e89f8f RCX: ffffffff8457c865 [ 472.096136] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88800744fc78 [ 472.096136] RBP: 0000000000000158 R08: ffff88800744fc7f R09: 1ffff11000e89f8f [ 472.096136] R10: dffffc0000000000 R11: ffffed1000e89f90 R12: dffffc0000000000 [ 472.096136] R13: 0000000000000158 R14: ffff88800744fc78 R15: ffff888007405a00 [ 472.096136] FS: 0000000000000000(0000) GS:ffff88806d200000(0000) knlGS:0000000000000000 [ 472.096136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 472.096136] CR2: 0000000000000158 CR3: 000000000da32000 CR4: 00000000000006f0 [ 472.096136] Call Trace: [ 472.096136] <TASK> [ 472.096136] ? __die_body+0x8d/0xe0 [ 472.096136] ? page_fault_oops+0x6b8/0x9a0 [ 472.096136] ? kernelmode_fixup_or_oops+0x20c/0x2a0 [ 472.096136] ? do_user_addr_fault+0x1027/0x1340 [ 472.096136] ? _printk+0x7a/0xa0 [ 472.096136] ? mutex_lock+0x68/0xc0 [ 472.096136] ? add_taint+0x42/0xd0 [ 472.096136] ? exc_page_fault+0x6a/0x1b0 [ 472.096136] ? asm_exc_page_fault+0x26/0x30 [ 472.096136] ? mutex_lock+0x75/0xc0 [ 472.096136] ? mutex_lock+0x88/0xc0 [ 472.096136] ? mutex_lock+0x75/0xc0 [ 472.096136] l2cap_chan_timeo ---truncated--- CVE-2024-27399 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27399.html CVE-2024-27399 https://bugzilla.suse.com/1224177 SUSE Bug 1224177 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. The basic problem here is that after the move the old location is simply not available any more. Some fixes were suggested, but essentially we should call the move notification before actually moving things because only this way we have the correct order for DMA-buf and VM move notifications as well. Also rework the statistic handling so that we don't update the eviction counter before the move. v2: add missing NULL check CVE-2024-27400 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27400.html CVE-2024-27400 https://bugzilla.suse.com/1224180 SUSE Bug 1224180 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a proper NTB. When the NTB is parsed, unwrap call looks for any leftover bytes in SKB provided by u_ether and if there are any pending bytes, it treats them as a separate NTB and parses it. But in case the second NTB (as per unwrap call) is faulty/corrupt, all the datagrams that were parsed properly in the first NTB and saved in rx_list are dropped. Adding a few custom traces showed the following: [002] d..1 7828.532866: dwc3_gadget_giveback: ep1out: req 000000003868811a length 1025/16384 zsI ==> 0 [002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025 [002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400 [002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10 [002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames In this case, the giveback is of 1025 bytes and block length is 1024. The rest 1 byte (which is 0x00) won't be parsed resulting in drop of all datagrams in rx_list. Same is case with packets of size 2048: [002] d..1 7828.557948: dwc3_gadget_giveback: ep1out: req 0000000011dfd96e length 2049/16384 zsI ==> 0 [002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342 [002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800 Lecroy shows one byte coming in extra confirming that the byte is coming in from PC: Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590) - Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590) --- Packet 4063861 Data(1024 bytes) Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590) --- Packet 4063863 Data(1 byte) Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722) According to Windows driver, no ZLP is needed if wBlockLength is non-zero, because the non-zero wBlockLength has already told the function side the size of transfer to be expected. However, there are in-market NCM devices that rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize. To deal with such devices, it pads an extra 0 at end so the transfer is no longer multiple of wMaxPacketSize. CVE-2024-27405 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27405.html CVE-2024-27405 https://bugzilla.suse.com/1224423 SUSE Bug 1224423 In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data in the wdev->u union for the interface type it currently has, causing cfg80211_change_iface() to do wrong things when switching. We could probably allow setting an interface to mesh while setting the mesh ID at the same time by doing a different order of operations here, but realistically there's no userspace that's going to do this, so just disallow changes in iftype when setting mesh ID. CVE-2024-27410 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27410.html CVE-2024-27410 https://bugzilla.suse.com/1224432 SUSE Bug 1224432 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly. This is likely not as big an issue on systems where the NVGPU is the only GPU, but on multi-GPU set ups it leads to a regression where the kernel module errors and results in a system-wide rendering freeze. This commit addresses that regression by moving the two buffers required for suspend and resume to be deallocated at driver unload instead of post init. CVE-2024-27411 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27411.html CVE-2024-27411 https://bugzilla.suse.com/1224433 SUSE Bug 1224433 In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client->irq will be 0. bq27xxx_battery_i2c_probe() already has an if (client->irq) check wrapping the request_threaded_irq(). But bq27xxx_battery_i2c_remove() unconditionally calls free_irq(client->irq) leading to: [ 190.310742] ------------[ cut here ]------------ [ 190.310843] Trying to free already-free IRQ 0 [ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310 Followed by a backtrace when unbinding the driver. Add an if (client->irq) to bq27xxx_battery_i2c_remove() mirroring probe() to fix this. CVE-2024-27412 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27412.html CVE-2024-27412 https://bugzilla.suse.com/1224437 SUSE Bug 1224437 In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Use the correct type instead here. CVE-2024-27413 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27413.html CVE-2024-27413 https://bugzilla.suse.com/1224438 SUSE Bug 1224438 https://bugzilla.suse.com/1225315 SUSE Bug 1225315 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated. CVE-2024-27416 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27416.html CVE-2024-27416 https://bugzilla.suse.com/1224723 SUSE Bug 1224723 In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK: In the mtk_ppe_stop() function, the PPE scan mode is not disabled before disabling the PPE. This can potentially lead to a hang during the process of disabling the PPE. Without this patch, the PPE may experience a hang during the reboot test. CVE-2024-27432 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27432.html CVE-2024-27432 https://bugzilla.suse.com/1224716 SUSE Bug 1224716 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible. CVE-2024-27434 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27434.html CVE-2024-27434 https://bugzilla.suse.com/1224710 SUSE Bug 1224710 In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found it may caused by a ABBA deadlock due to tag allocation. In my case, the tag was hold by a keep alive request waiting inside admin_q, as we quiesced admin_q while reset ctrl, so the request maked as idle and will not process before reset success. As fabric_q shares tagset with admin_q, while reconnect remote target, we need a tag for connect command, but the only one reserved tag was held by keep alive command which waiting inside admin_q. As a result, we failed to reconnect admin_q forever. In order to fix this issue, I think we should keep two reserved tags for admin queue. CVE-2024-27435 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27435.html CVE-2024-27435 https://bugzilla.suse.com/1224717 SUSE Bug 1224717 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array. CVE-2024-27436 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-27436.html CVE-2024-27436 https://bugzilla.suse.com/1224803 SUSE Bug 1224803 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our normal code, we just don't have lockdep annotations with the extent locking so we've never noticed it. Since we're copying the fiemap extent to user space on every iteration we have the chance of pagefaulting. Because we hold the extent lock for the entire range we could mkwrite into a range in the file that we have mmap'ed. This would deadlock with the following stack trace [<0>] lock_extent+0x28d/0x2f0 [<0>] btrfs_page_mkwrite+0x273/0x8a0 [<0>] do_page_mkwrite+0x50/0xb0 [<0>] do_fault+0xc1/0x7b0 [<0>] __handle_mm_fault+0x2fa/0x460 [<0>] handle_mm_fault+0xa4/0x330 [<0>] do_user_addr_fault+0x1f4/0x800 [<0>] exc_page_fault+0x7c/0x1e0 [<0>] asm_exc_page_fault+0x26/0x30 [<0>] rep_movs_alternative+0x33/0x70 [<0>] _copy_to_user+0x49/0x70 [<0>] fiemap_fill_next_extent+0xc8/0x120 [<0>] emit_fiemap_extent+0x4d/0xa0 [<0>] extent_fiemap+0x7f8/0xad0 [<0>] btrfs_fiemap+0x49/0x80 [<0>] __x64_sys_ioctl+0x3e1/0xb50 [<0>] do_syscall_64+0x94/0x1a0 [<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 I wrote an fstest to reproduce this deadlock without my replacement lock and verified that the deadlock exists with our existing locking. To fix this simply don't take the extent lock for the entire duration of the fiemap. This is safe in general because we keep track of where we are when we're searching the tree, so if an ordered extent updates in the middle of our fiemap call we'll still emit the correct extents because we know what offset we were on before. The only place we maintain the lock is searching delalloc. Since the delalloc stuff can change during writeback we want to lock the extent range so we have a consistent view of delalloc at the time we're checking to see if we need to set the delalloc flag. With this patch applied we no longer deadlock with my testcase. CVE-2024-35784 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35784.html CVE-2024-35784 https://bugzilla.suse.com/1224804 SUSE Bug 1224804 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries to do so regardless it will return an error. In this case the clients mutex remained unlocked leading to a deadlock inside nouveau_drm_postclose or any other nouveau ioctl call. CVE-2024-35786 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35786.html CVE-2024-35786 https://bugzilla.suse.com/1224714 SUSE Bug 1224714 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix bounds check for dcn35 DcfClocks [Why] NumFclkLevelsEnabled is used for DcfClocks bounds check instead of designated NumDcfClkLevelsEnabled. That can cause array index out-of-bounds access. [How] Use designated variable for dcn35 DcfClocks bounds check. CVE-2024-35788 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35788.html CVE-2024-35788 https://bugzilla.suse.com/1224709 SUSE Bug 1224709 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change. CVE-2024-35789 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35789.html CVE-2024-35789 https://bugzilla.suse.com/1224749 SUSE Bug 1224749 https://bugzilla.suse.com/1227320 SUSE Bug 1227320 In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Remove manual sysfs node creation in favor of adding attribute group as default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is not used here otherwise the path to the sysfs nodes is no longer compliant with the ABI. CVE-2024-35790 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35790.html CVE-2024-35790 https://bugzilla.suse.com/1224712 SUSE Bug 1224712 In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to frozen sync_thread indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in md_stop_writes(), and since stop_sync_thread() is only used for dm-raid in this case, also move stop_sync_thread() to md_stop_writes(). 2) The flag MD_RECOVERY_FROZEN doesn't mean that sync thread is frozen, it only prevent new sync_thread to start, and it can't stop the running sync thread; In order to frozen sync_thread, after seting the flag, stop_sync_thread() should be used. 3) The flag MD_RECOVERY_FROZEN doesn't mean that writes are stopped, use it as condition for md_stop_writes() in raid_postsuspend() doesn't look correct. Consider that reentrant stop_sync_thread() do nothing, always call md_stop_writes() in raid_postsuspend(). 4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime, and if MD_RECOVERY_FROZEN is cleared while the array is suspended, new sync_thread can start unexpected. Fix this by disallow raid_message() to change sync_thread status during suspend. Note that after commit f52f5c71f3d4 ("md: fix stopping sync thread"), the test shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(), and with previous fixes, the test won't hang there anymore, however, the test will still fail and complain that ext4 is corrupted. And with this patch, the test won't hang due to stop_sync_thread() or fail due to ext4 is corrupted anymore. However, there is still a deadlock related to dm-raid456 that will be fixed in following patches. CVE-2024-35794 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35794.html CVE-2024-35794 https://bugzilla.suse.com/1224706 SUSE Bug 1224706 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after those lines are printed (although I wasn't able to reproduce that part when reading by hand): [ 1318.016074][ T1082] ====================================================== [ 1318.016607][ T1082] WARNING: possible circular locking dependency detected [ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted [ 1318.017598][ T1082] ------------------------------------------------------ [ 1318.018096][ T1082] tar/1082 is trying to acquire lock: [ 1318.018585][ T1082] ffff98c44175d6a0 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x40/0x80 [ 1318.019084][ T1082] [ 1318.019084][ T1082] but task is already holding lock: [ 1318.020052][ T1082] ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu] [ 1318.020607][ T1082] [ 1318.020607][ T1082] which lock already depends on the new lock. [ 1318.020607][ T1082] [ 1318.022081][ T1082] [ 1318.022081][ T1082] the existing dependency chain (in reverse order) is: [ 1318.023083][ T1082] [ 1318.023083][ T1082] -> #2 (reservation_ww_class_mutex){+.+.}-{3:3}: [ 1318.024114][ T1082] __ww_mutex_lock.constprop.0+0xe0/0x12f0 [ 1318.024639][ T1082] ww_mutex_lock+0x32/0x90 [ 1318.025161][ T1082] dma_resv_lockdep+0x18a/0x330 [ 1318.025683][ T1082] do_one_initcall+0x6a/0x350 [ 1318.026210][ T1082] kernel_init_freeable+0x1a3/0x310 [ 1318.026728][ T1082] kernel_init+0x15/0x1a0 [ 1318.027242][ T1082] ret_from_fork+0x2c/0x40 [ 1318.027759][ T1082] ret_from_fork_asm+0x11/0x20 [ 1318.028281][ T1082] [ 1318.028281][ T1082] -> #1 (reservation_ww_class_acquire){+.+.}-{0:0}: [ 1318.029297][ T1082] dma_resv_lockdep+0x16c/0x330 [ 1318.029790][ T1082] do_one_initcall+0x6a/0x350 [ 1318.030263][ T1082] kernel_init_freeable+0x1a3/0x310 [ 1318.030722][ T1082] kernel_init+0x15/0x1a0 [ 1318.031168][ T1082] ret_from_fork+0x2c/0x40 [ 1318.031598][ T1082] ret_from_fork_asm+0x11/0x20 [ 1318.032011][ T1082] [ 1318.032011][ T1082] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 1318.032778][ T1082] __lock_acquire+0x14bf/0x2680 [ 1318.033141][ T1082] lock_acquire+0xcd/0x2c0 [ 1318.033487][ T1082] __might_fault+0x58/0x80 [ 1318.033814][ T1082] amdgpu_debugfs_mqd_read+0x103/0x250 [amdgpu] [ 1318.034181][ T1082] full_proxy_read+0x55/0x80 [ 1318.034487][ T1082] vfs_read+0xa7/0x360 [ 1318.034788][ T1082] ksys_read+0x70/0xf0 [ 1318.035085][ T1082] do_syscall_64+0x94/0x180 [ 1318.035375][ T1082] entry_SYSCALL_64_after_hwframe+0x46/0x4e [ 1318.035664][ T1082] [ 1318.035664][ T1082] other info that might help us debug this: [ 1318.035664][ T1082] [ 1318.036487][ T1082] Chain exists of: [ 1318.036487][ T1082] &mm->mmap_lock --> reservation_ww_class_acquire --> reservation_ww_class_mutex [ 1318.036487][ T1082] [ 1318.037310][ T1082] Possible unsafe locking scenario: [ 1318.037310][ T1082] [ 1318.037838][ T1082] CPU0 CPU1 [ 1318.038101][ T1082] ---- ---- [ 1318.038350][ T1082] lock(reservation_ww_class_mutex); [ 1318.038590][ T1082] lock(reservation_ww_class_acquire); [ 1318.038839][ T1082] lock(reservation_ww_class_mutex); [ 1318.039083][ T1082] rlock(&mm->mmap_lock); [ 1318.039328][ T1082] [ 1318.039328][ T1082] *** DEADLOCK *** [ 1318.039328][ T1082] [ 1318.040029][ T1082] 1 lock held by tar/1082: [ 1318.040259][ T1082] #0: ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu] [ 1318.040560][ T1082] [ 1318.040560][ T1082] stack backtrace: [ ---truncated--- CVE-2024-35795 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35795.html CVE-2024-35795 https://bugzilla.suse.com/1224634 SUSE Bug 1224634 In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname in the call stack, where it causes a null pointer in strcmp. if (type == resource_type(r) && !strcmp(r->name, name)) It should have been replaced with devm_platform_ioremap_resource. CVE-2024-35796 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35796.html CVE-2024-35796 https://bugzilla.suse.com/1224615 SUSE Bug 1224615 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream [Why] Disabling stream encoder invokes a function that no longer exists. [How] Check if the function declaration is NULL in disable stream encoder. CVE-2024-35799 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35799.html CVE-2024-35799 https://bugzilla.suse.com/1224740 SUSE Bug 1224740 In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF firmware. CVE-2024-35800 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35800.html CVE-2024-35800 https://bugzilla.suse.com/1224507 SUSE Bug 1224507 In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and commit 8bf26758ca96 ("x86/fpu: Add XFD state to fpstate") introduced a per CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in order to avoid unnecessary writes to the MSR. On CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which wipes out any stale state. But the per CPU cached xfd value is not reset, which brings them out of sync. As a consequence a subsequent xfd_update_state() might fail to update the MSR which in turn can result in XRSTOR raising a #NM in kernel space, which crashes the kernel. To fix this, introduce xfd_set_state() to write xfd_state together with MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD. CVE-2024-35801 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35801.html CVE-2024-35801 https://bugzilla.suse.com/1224732 SUSE Bug 1224732 In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Always disable interrupts when taking cgr_lock smp_call_function_single disables IRQs when executing the callback. To prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere. This is already done by qman_update_cgr and qman_delete_cgr; fix the other lockers. CVE-2024-35806 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35806.html CVE-2024-35806 https://bugzilla.suse.com/1224699 SUSE Bug 1224699 In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread() directly Currently md_reap_sync_thread() is called from raid_message() directly without holding 'reconfig_mutex', this is definitely unsafe because md_reap_sync_thread() can change many fields that is protected by 'reconfig_mutex'. However, hold 'reconfig_mutex' here is still problematic because this will cause deadlock, for example, commit 130443d60b1b ("md: refactor idle/frozen_sync_thread() to fix deadlock"). Fix this problem by using stop_sync_thread() to unregister sync_thread, like md/raid did. CVE-2024-35808 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35808.html CVE-2024-35808 https://bugzilla.suse.com/1224623 SUSE Bug 1224623 In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the .runtime_idle() callback and the .remove() callback in the rtsx_pcr PCI driver leads to a kernel crash due to an unhandled page fault [1]. The problem is that rtsx_pci_runtime_idle() is not expected to be running after pm_runtime_get_sync() has been called, but the latter doesn't really guarantee that. It only guarantees that the suspend and resume callbacks will not be running when it returns. However, if a .runtime_idle() callback is already running when pm_runtime_get_sync() is called, the latter will notice that the runtime PM status of the device is RPM_ACTIVE and it will return right away without waiting for the former to complete. In fact, it cannot wait for .runtime_idle() to complete because it may be called from that callback (it arguably does not make much sense to do that, but it is not strictly prohibited). Thus in general, whoever is providing a .runtime_idle() callback needs to protect it from running in parallel with whatever code runs after pm_runtime_get_sync(). [Note that .runtime_idle() will not start after pm_runtime_get_sync() has returned, but it may continue running then if it has started earlier.] One way to address that race condition is to call pm_runtime_barrier() after pm_runtime_get_sync() (not before it, because a nonzero value of the runtime PM usage counter is necessary to prevent runtime PM callbacks from being invoked) to wait for the .runtime_idle() callback to complete should it be running at that point. A suitable place for doing that is in pci_device_remove() which calls pm_runtime_get_sync() before removing the driver, so it may as well call pm_runtime_barrier() subsequently, which will prevent the race in question from occurring, not just in the rtsx_pcr driver, but in any PCI drivers providing .runtime_idle() callbacks. CVE-2024-35809 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35809.html CVE-2024-35809 https://bugzilla.suse.com/1224738 SUSE Bug 1224738 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the atomic update needs to not be invalidated by the cleanup. The buffer objects in vmw_plane_state instead of using the builtin map_and_cache were trying to handle the lifetime of the mapped memory themselves, leading to crashes. Use the map_and_cache instead of trying to manage the lifetime of the buffer objects held by the vmw_plane_state. Fixes kernel oops'es in IGT's kms_cursor_legacy forked-bo. CVE-2024-35810 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35810.html CVE-2024-35810 https://bugzilla.suse.com/1224626 SUSE Bug 1224626 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm80211 driver,it starts with the following invoking chain to start init a timeout worker: ->brcmf_usb_probe ->brcmf_usb_probe_cb ->brcmf_attach ->brcmf_bus_started ->brcmf_cfg80211_attach ->wl_init_priv ->brcmf_init_escan ->INIT_WORK(&cfg->escan_timeout_work, brcmf_cfg80211_escan_timeout_worker); If we disconnect the USB by hotplug, it will call brcmf_usb_disconnect to make cleanup. The invoking chain is : brcmf_usb_disconnect ->brcmf_usb_disconnect_cb ->brcmf_detach ->brcmf_cfg80211_detach ->kfree(cfg); While the timeout woker may still be running. This will cause a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker. Fix it by deleting the timer and canceling the worker in brcmf_cfg80211_detach. [arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free] CVE-2024-35811 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35811.html CVE-2024-35811 https://bugzilla.suse.com/1224592 SUSE Bug 1224592 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-35812 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35812.html CVE-2024-35812 https://bugzilla.suse.com/1224624 SUSE Bug 1224624 In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns prev_idata = idatas[i - 1], but doesn't check that the iterator i is greater than zero. Let's fix this by adding a check. CVE-2024-35813 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35813.html CVE-2024-35813 https://bugzilla.suse.com/1224618 SUSE Bug 1224618 In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler, the req->ki_ctx read happens either before the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such that it is guaranteed that the IOCB_AIO_RW test happens first. CVE-2024-35815 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35815.html CVE-2024-35815 https://bugzilla.suse.com/1224685 SUSE Bug 1224685 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear the gart page table entry and leave valid mapping entry pointing to the stale system page. Then if GPU access the gart address mistakely, it will read undefined value instead page fault, harder to debug and reproduce the real issue. CVE-2024-35817 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35817.html CVE-2024-35817 https://bugzilla.suse.com/1224736 SUSE Bug 1224736 https://bugzilla.suse.com/1225313 SUSE Bug 1225313 In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even on PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock for cgr_lock to ensure we aren't waiting on a sleeping task. Although this bug has existed for a while, it was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change") which invokes smp_call_function_single via qman_update_cgr_safe every time a link goes up or down. CVE-2024-35819 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35819.html CVE-2024-35819 https://bugzilla.suse.com/1224683 SUSE Bug 1224683 In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into ubifs_write_end(), which is after we copied the new data into the page. CVE-2024-35821 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35821.html CVE-2024-35821 https://bugzilla.suse.com/1224629 SUSE Bug 1224629 In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c Root cause is mass storage function try to queue request from main thread, but other thread may already disable ep when function disable. As there is no function failure in the driver, in order to avoid effort to fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug(). CVE-2024-35822 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35822.html CVE-2024-35822 https://bugzilla.suse.com/1224739 SUSE Bug 1224739 In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). The cure is also the same i.e. replace memcpy() with memmove() due to the overlaping buffers. CVE-2024-35823 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35823.html CVE-2024-35823 https://bugzilla.suse.com/1224692 SUSE Bug 1224692 In the Linux kernel, the following vulnerability has been resolved: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume When not configured for wakeup lis3lv02d_i2c_suspend() will call lis3lv02d_poweroff() even if the device has already been turned off by the runtime-suspend handler and if configured for wakeup and the device is runtime-suspended at this point then it is not turned back on to serve as a wakeup source. Before commit b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback"), lis3lv02d_poweroff() failed to disable the regulators which as a side effect made calling poweroff() twice ok. Now that poweroff() correctly disables the regulators, doing this twice triggers a WARN() in the regulator core: unbalanced disables for regulator-dummy WARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable ... Fix lis3lv02d_i2c_suspend() to not call poweroff() a second time if already runtime-suspended and add a poweron() call when necessary to make wakeup work. lis3lv02d_i2c_resume() has similar issues, with an added weirness that it always powers on the device if it is runtime suspended, after which the first runtime-resume will call poweron() again, causing the enabled count for the regulator to increase by 1 every suspend/resume. These unbalanced regulator_enable() calls cause the regulator to never be turned off and trigger the following WARN() on driver unbind: WARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put Fix this by making lis3lv02d_i2c_resume() mirror the new suspend(). CVE-2024-35824 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35824.html CVE-2024-35824 https://bugzilla.suse.com/1224609 SUSE Bug 1224609 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds sometimes and have block length zero but still contain 1-2 valid datagrams present. According to the NCM spec: "If wBlockLength = 0x0000, the block is terminated by a short packet. In this case, the USB transfer must still be shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If exactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent, and the size is a multiple of wMaxPacketSize for the given pipe, then no ZLP shall be sent. wBlockLength= 0x0000 must be used with extreme care, because of the possibility that the host and device may get out of sync, and because of test issues. wBlockLength = 0x0000 allows the sender to reduce latency by starting to send a very large NTB, and then shortening it when the sender discovers that there's not sufficient data to justify sending a large NTB" However, there is a potential issue with the current implementation, as it checks for the occurrence of multiple NTBs in a single giveback by verifying if the leftover bytes to be processed is zero or not. If the block length reads zero, we would process the same NTB infintely because the leftover bytes is never zero and it leads to a crash. Fix this by bailing out if block length reads zero. CVE-2024-35825 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35825.html CVE-2024-35825 https://bugzilla.suse.com/1224681 SUSE Bug 1224681 In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer(). CVE-2024-35828 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35828.html CVE-2024-35828 https://bugzilla.suse.com/1224622 SUSE Bug 1224622 In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks. CVE-2024-35829 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35829.html CVE-2024-35829 https://bugzilla.suse.com/1224707 SUSE Bug 1224707 In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access. CVE-2024-35830 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35830.html CVE-2024-35830 https://bugzilla.suse.com/1224680 SUSE Bug 1224680 In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe(). Switch to the managed version to fix both issues. CVE-2024-35833 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35833.html CVE-2024-35833 https://bugzilla.suse.com/1224632 SUSE Bug 1224632 In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue. CVE-2024-35834 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35834.html CVE-2024-35834 https://bugzilla.suse.com/1224620 SUSE Bug 1224620 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which the ft->g will be freed again. CVE-2024-35835 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35835.html CVE-2024-35835 https://bugzilla.suse.com/1224605 SUSE Bug 1224605 In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind. If the pin dump is invoked in this state, the result is a kernel crash. Prevent the crash by storing persistent pin properties in dpll subsystem, copy the content from the kernel module when pin is allocated, instead of using memory of the kernel module. CVE-2024-35836 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35836.html CVE-2024-35836 https://bugzilla.suse.com/1224633 SUSE Bug 1224633 In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue. CVE-2024-35837 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35837.html CVE-2024-35837 https://bugzilla.suse.com/1224500 SUSE Bug 1224500 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet (e.g. during connection to an AP MLD), we might remove the station without ever marking links valid, and leak them. Fix that. CVE-2024-35838 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35838.html CVE-2024-35838 https://bugzilla.suse.com/1224613 SUSE Bug 1224613 In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism that prevents this physindev from been freed under us (for instance neigh_flush_dev doesn't cleanup skbs from different device's neigh queue) we can crash on e.g. this stack: arp_process neigh_update skb = __skb_dequeue(&neigh->arp_queue) neigh_resolve_output(..., skb) ... br_nf_dev_xmit br_nf_pre_routing_finish_bridge_slow skb->dev = nf_bridge->physindev br_handle_frame_finish Let's use plain ifindex instead of net_device link. To peek into the original net_device we will use dev_get_by_index_rcu(). Thus either we get device and are safe to use it or we don't get it and drop skb. CVE-2024-35839 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35839.html CVE-2024-35839 https://bugzilla.suse.com/1224726 SUSE Bug 1224726 In the Linux kernel, the following vulnerability has been resolved: net: tls, fix WARNIING in __sk_msg_free A splice with MSG_SPLICE_PAGES will cause tls code to use the tls_sw_sendmsg_splice path in the TLS sendmsg code to move the user provided pages from the msg into the msg_pl. This will loop over the msg until msg_pl is full, checked by sk_msg_full(msg_pl). The user can also set the MORE flag to hint stack to delay sending until receiving more pages and ideally a full buffer. If the user adds more pages to the msg than can fit in the msg_pl scatterlist (MAX_MSG_FRAGS) we should ignore the MORE flag and send the buffer anyways. What actually happens though is we abort the msg to msg_pl scatterlist setup and then because we forget to set 'full record' indicating we can no longer consume data without a send we fallthrough to the 'continue' path which will check if msg_data_left(msg) has more bytes to send and then attempts to fit them in the already full msg_pl. Then next iteration of sender doing send will encounter a full msg_pl and throw the warning in the syzbot report. To fix simply check if we have a full_record in splice code path and if not send the msg regardless of MORE flag. CVE-2024-35841 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35841.html CVE-2024-35841 https://bugzilla.suse.com/1224687 SUSE Bug 1224687 In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declare a `normal_link` (a non-SOF, direct link) string, and this is the case for SoCs that support only SOF paths (hence do not support both direct and SOF usecases). For example, in the case of MT8188 there is no normal_link string in any of the sof_conn_stream entries and there will be more drivers doing that in the future. To avoid possible NULL pointer KPs, add a NULL check for `normal_link`. CVE-2024-35842 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35842.html CVE-2024-35842 https://bugzilla.suse.com/1224688 SUSE Bug 1224688 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it. CVE-2024-35845 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35845.html CVE-2024-35845 https://bugzilla.suse.com/1224731 SUSE Bug 1224731 In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again. Fix this by unconditionally invoking its_vpe_irq_domain_free() which handles all cases correctly and by removing the bitmap/vprop_page freeing from its_vpe_irq_domain_alloc(). [ tglx: Massaged change log ] CVE-2024-35847 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35847.html CVE-2024-35847 https://bugzilla.suse.com/1224697 SUSE Bug 1224697 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x110 lib/usercopy.c:40 copy_to_user include/linux/uaccess.h:191 [inline] btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499 btrfs_ioctl+0x714/0x1260 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890 x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: __kmalloc_large_node+0x231/0x370 mm/slub.c:3921 __do_kmalloc_node mm/slub.c:3954 [inline] __kmalloc_node+0xb07/0x1060 mm/slub.c:3973 kmalloc_node include/linux/slab.h:648 [inline] kvmalloc_node+0xc0/0x2d0 mm/util.c:634 kvmalloc include/linux/slab.h:766 [inline] init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779 btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480 btrfs_ioctl+0x714/0x1260 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890 x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Bytes 40-65535 of 65536 are uninitialized Memory access of size 65536 starts at ffff888045a40000 This happens, because we're copying a 'struct btrfs_data_container' back to user-space. This btrfs_data_container is allocated in 'init_data_container()' via kvmalloc(), which does not zero-fill the memory. Fix this by using kvzalloc() which zeroes out the memory on allocation. CVE-2024-35849 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35849.html CVE-2024-35849 https://bugzilla.suse.com/1224733 SUSE Bug 1224733 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller. CVE-2024-35850 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35850.html CVE-2024-35850 https://bugzilla.suse.com/1224600 SUSE Bug 1224600 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when wakeup() is called for a non-serdev controller during suspend. Just return true for now to restore the original behaviour and address the crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support") that causes the crash to happen already at setup() time. CVE-2024-35851 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35851.html CVE-2024-35851 https://bugzilla.suse.com/1224509 SUSE Bug 1224509 In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted and may actively work against guests to extract secrets or manipulate computation. Since a malicious host can modify or observe nearly all inputs to guests, the only remaining source of entropy for CoCo guests is RDRAND. If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole is meant to gracefully continue on gathering entropy from other sources, but since there aren't other sources on CoCo, this is catastrophic. This is mostly a concern at boot time when initially seeding the RNG, as after that the consequences of a broken RDRAND are much more theoretical. So, try at boot to seed the RNG using 256 bits of RDRAND output. If this fails, panic(). This will also trigger if the system is booted without RDRAND, as RDRAND is essential for a safe CoCo boot. Add this deliberately to be "just a CoCo x86 driver feature" and not part of the RNG itself. Many device drivers and platforms have some desire to contribute something to the RNG, and add_device_randomness() is specifically meant for this purpose. Any driver can call it with seed data of any quality, or even garbage quality, and it can only possibly make the quality of the RNG better or have no effect, but can never make it worse. Rather than trying to build something into the core of the RNG, consider the particular CoCo issue just a CoCo issue, and therefore separate it all out into driver (well, arch/platform) code. [ bp: Massage commit message. ] CVE-2024-35875 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35875.html CVE-2024-35875 https://bugzilla.suse.com/1224665 SUSE Bug 1224665 In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf() In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf() since it only allows passing a NULL ptr when the length is also 0. Also, we need to filter out the negative values of the len parameter as these will result in a really huge buffer since snprintf() takes size_t parameter while ours is ssize_t... Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool. CVE-2024-35878 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35878.html CVE-2024-35878 https://bugzilla.suse.com/1224671 SUSE Bug 1224671 In the Linux kernel, the following vulnerability has been resolved: of: dynamic: Synchronize of_changeset_destroy() with the devlink removals In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_changeset_destroy() with the devlink removals. CVE-2024-35879 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35879.html CVE-2024-35879 https://bugzilla.suse.com/1224524 SUSE Bug 1224524 In the Linux kernel, the following vulnerability has been resolved: spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe In function pci1xxxx_spi_probe, there is a potential null pointer that may be caused by a failed memory allocation by the function devm_kzalloc. Hence, a null pointer check needs to be added to prevent null pointer dereferencing later in the code. To fix this issue, spi_bus->spi_int[iter] should be checked. The memory allocated by devm_kzalloc will be automatically released, so just directly return -ENOMEM without worrying about memory leaks. CVE-2024-35883 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35883.html CVE-2024-35883 https://bugzilla.suse.com/1224521 SUSE Bug 1224521 In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: stop interface during shutdown The mlxbf_gige driver intermittantly encounters a NULL pointer exception while the system is shutting down via "reboot" command. The mlxbf_driver will experience an exception right after executing its shutdown() method. One example of this exception is: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000011d373000 [0000000000000070] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 96000004 [#1] SMP CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G S OE 5.15.0-bf.6.gef6992a #1 Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.0.2.12669 Apr 21 2023 pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] lr : mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] sp : ffff8000080d3c10 x29: ffff8000080d3c10 x28: ffffcce72cbb7000 x27: ffff8000080d3d58 x26: ffff0000814e7340 x25: ffff331cd1a05000 x24: ffffcce72c4ea008 x23: ffff0000814e4b40 x22: ffff0000814e4d10 x21: ffff0000814e4128 x20: 0000000000000000 x19: ffff0000814e4a80 x18: ffffffffffffffff x17: 000000000000001c x16: ffffcce72b4553f4 x15: ffff80008805b8a7 x14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101 x11: 7f7f7f7f7f7f7f7f x10: c2ac898b17576267 x9 : ffffcce720fa5404 x8 : ffff000080812138 x7 : 0000000000002e9a x6 : 0000000000000080 x5 : ffff00008de3b000 x4 : 0000000000000000 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] __napi_poll+0x40/0x1c8 net_rx_action+0x314/0x3a0 __do_softirq+0x128/0x334 run_ksoftirqd+0x54/0x6c smpboot_thread_fn+0x14c/0x190 kthread+0x10c/0x110 ret_from_fork+0x10/0x20 Code: 8b070000 f9000ea0 f95056c0 f86178a1 (b9407002) ---[ end trace 7cc3941aa0d8e6a4 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt Kernel Offset: 0x4ce722520000 from 0xffff800008000000 PHYS_OFFSET: 0x80000000 CPU features: 0x000005c1,a3330e5a Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- During system shutdown, the mlxbf_gige driver's shutdown() is always executed. However, the driver's stop() method will only execute if networking interface configuration logic within the Linux distribution has been setup to do so. If shutdown() executes but stop() does not execute, NAPI remains enabled and this can lead to an exception if NAPI is scheduled while the hardware interface has only been partially deinitialized. The networking interface managed by the mlxbf_gige driver must be properly stopped during system shutdown so that IFF_UP is cleared, the hardware interface is put into a clean state, and NAPI is fully deinitialized. CVE-2024-35885 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35885.html CVE-2024-35885 https://bugzilla.suse.com/1224519 SUSE Bug 1224519 In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout() ax25_dev_device_down() | ax25_ds_del_timer() | del_timer() | ax25_dev_put() //FREE | | ax25_dev-> //USE In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer. CVE-2024-35887 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35887.html CVE-2024-35887 https://bugzilla.suse.com/1224663 SUSE Bug 1224663 In the Linux kernel, the following vulnerability has been resolved: idpf: fix kernel panic on unknown packet types In the very rare case where a packet type is unknown to the driver, idpf_rx_process_skb_fields would return early without calling eth_type_trans to set the skb protocol / the network layer handler. This is especially problematic if tcpdump is running when such a packet is received, i.e. it would cause a kernel panic. Instead, call eth_type_trans for every single packet, even when the packet type is unknown. CVE-2024-35889 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35889.html CVE-2024-35889 https://bugzilla.suse.com/1224517 SUSE Bug 1224517 In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Fix potential null pointer dereference In lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() may return NULL as ptp_header due to abnormal packet type or corrupted packet. Fix this bug by adding ptp_header check. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-35891 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35891.html CVE-2024-35891 https://bugzilla.suse.com/1224513 SUSE Bug 1224513 In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix Rx DMA datasize and skb_over_panic mana_get_rxbuf_cfg() aligns the RX buffer's DMA datasize to be multiple of 64. So a packet slightly bigger than mtu+14, say 1536, can be received and cause skb_over_panic. Sample dmesg: [ 5325.237162] skbuff: skb_over_panic: text:ffffffffc043277a len:1536 put:1536 head:ff1100018b517000 data:ff1100018b517100 tail:0x700 end:0x6ea dev:<NULL> [ 5325.243689] ------------[ cut here ]------------ [ 5325.245748] kernel BUG at net/core/skbuff.c:192! [ 5325.247838] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 5325.258374] RIP: 0010:skb_panic+0x4f/0x60 [ 5325.302941] Call Trace: [ 5325.304389] <IRQ> [ 5325.315794] ? skb_panic+0x4f/0x60 [ 5325.317457] ? asm_exc_invalid_op+0x1f/0x30 [ 5325.319490] ? skb_panic+0x4f/0x60 [ 5325.321161] skb_put+0x4e/0x50 [ 5325.322670] mana_poll+0x6fa/0xb50 [mana] [ 5325.324578] __napi_poll+0x33/0x1e0 [ 5325.326328] net_rx_action+0x12e/0x280 As discussed internally, this alignment is not necessary. To fix this bug, remove it from the code. So oversized packets will be marked as CQE_RX_TRUNCATED by NIC, and dropped. CVE-2024-35901 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35901.html CVE-2024-35901 https://bugzilla.suse.com/1224495 SUSE Bug 1224495 In the Linux kernel, the following vulnerability has been resolved: selinux: avoid dereference of garbage after mount failure In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. CVE-2024-35904 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35904.html CVE-2024-35904 https://bugzilla.suse.com/1224494 SUSE Bug 1224494 In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b) trigger kdump via "echo c > /proc/sysrq-trigger" c) kdump kernel executes d) kdump kernel loads mlxbf_gige module e) the mlxbf_gige module runs its open() as the the "oob_net0" interface is brought up f) mlxbf_gige module will experience an exception during its open(), something like: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000004 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=00000000e29a4000 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000086000004 [#1] SMP CPU: 0 PID: 812 Comm: NetworkManager Tainted: G OE 5.15.0-1035-bluefield #37-Ubuntu Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.6.0.13024 Jan 19 2024 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr : __napi_poll+0x40/0x230 sp : ffff800008003e00 x29: ffff800008003e00 x28: 0000000000000000 x27: 00000000ffffffff x26: ffff000066027238 x25: ffff00007cedec00 x24: ffff800008003ec8 x23: 000000000000012c x22: ffff800008003eb7 x21: 0000000000000000 x20: 0000000000000001 x19: ffff000066027238 x18: 0000000000000000 x17: ffff578fcb450000 x16: ffffa870b083c7c0 x15: 0000aaab010441d0 x14: 0000000000000001 x13: 00726f7272655f65 x12: 6769675f6662786c x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa870b0842398 x8 : 0000000000000004 x7 : fe5a48b9069706ea x6 : 17fdb11fc84ae0d2 x5 : d94a82549d594f35 x4 : 0000000000000000 x3 : 0000000000400100 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000066027238 Call trace: 0x0 net_rx_action+0x178/0x360 __do_softirq+0x15c/0x428 __irq_exit_rcu+0xac/0xec irq_exit+0x18/0x2c handle_domain_irq+0x6c/0xa0 gic_handle_irq+0xec/0x1b0 call_on_irq_stack+0x20/0x2c do_interrupt_handler+0x5c/0x70 el1_interrupt+0x30/0x50 el1h_64_irq_handler+0x18/0x2c el1h_64_irq+0x7c/0x80 __setup_irq+0x4c0/0x950 request_threaded_irq+0xf4/0x1bc mlxbf_gige_request_irqs+0x68/0x110 [mlxbf_gige] mlxbf_gige_open+0x5c/0x170 [mlxbf_gige] __dev_open+0x100/0x220 __dev_change_flags+0x16c/0x1f0 dev_change_flags+0x2c/0x70 do_setlink+0x220/0xa40 __rtnl_newlink+0x56c/0x8a0 rtnl_newlink+0x58/0x84 rtnetlink_rcv_msg+0x138/0x3c4 netlink_rcv_skb+0x64/0x130 rtnetlink_rcv+0x20/0x30 netlink_unicast+0x2ec/0x360 netlink_sendmsg+0x278/0x490 __sock_sendmsg+0x5c/0x6c ____sys_sendmsg+0x290/0x2d4 ___sys_sendmsg+0x84/0xd0 __sys_sendmsg+0x70/0xd0 __arm64_sys_sendmsg+0x2c/0x40 invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x54/0x184 do_el0_svc+0x30/0xac el0_svc+0x48/0x160 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Code: bad PC value ---[ end trace 7d1c3f3bf9d81885 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt Kernel Offset: 0x2870a7a00000 from 0xffff800008000000 PHYS_OFFSET: 0x80000000 CPU features: 0x0,000005c1,a3332a5a Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- The exception happens because there is a pending RX interrupt before the call to request_irq(RX IRQ) executes. Then, the RX IRQ handler fires immediately after this request_irq() completes. The ---truncated--- CVE-2024-35907 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35907.html CVE-2024-35907 https://bugzilla.suse.com/1224492 SUSE Bug 1224492 In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Split 64bit accesses to fix alignment issues Some of the registers are aligned on a 32bit boundary, causing alignment faults on 64bit platforms. Unable to handle kernel paging request at virtual address ffffffc084a1d004 Mem abort info: ESR = 0x0000000096000061 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x21: alignment fault Data abort info: ISV = 0, ISS = 0x00000061, ISS2 = 0x00000000 CM = 0, WnR = 1, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000046ad6000 [ffffffc084a1d004] pgd=100000013ffff003, p4d=100000013ffff003, pud=100000013ffff003, pmd=0068000020a00711 Internal error: Oops: 0000000096000061 [#1] SMP Modules linked in: mtk_t7xx(+) qcserial pppoe ppp_async option nft_fib_inet nf_flow_table_inet mt7921u(O) mt7921s(O) mt7921e(O) mt7921_common(O) iwlmvm(O) iwldvm(O) usb_wwan rndis_host qmi_wwan pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack mt7996e(O) mt792x_usb(O) mt792x_lib(O) mt7915e(O) mt76_usb(O) mt76_sdio(O) mt76_connac_lib(O) mt76(O) mac80211(O) iwlwifi(O) huawei_cdc_ncm cfg80211(O) cdc_ncm cdc_ether wwan usbserial usbnet slhc sfp rtc_pcf8563 nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 mt6577_auxadc mdio_i2c libcrc32c compat(O) cdc_wdm cdc_acm at24 crypto_safexcel pwm_fan i2c_gpio i2c_smbus industrialio i2c_algo_bit i2c_mux_reg i2c_mux_pca954x i2c_mux_pca9541 i2c_mux_gpio i2c_mux dummy oid_registry tun sha512_arm64 sha1_ce sha1_generic seqiv md5 geniv des_generic libdes cbc authencesn authenc leds_gpio xhci_plat_hcd xhci_pci xhci_mtk_hcd xhci_hcd nvme nvme_core gpio_button_hotplug(O) dm_mirror dm_region_hash dm_log dm_crypt dm_mod dax usbcore usb_common ptp aquantia pps_core mii tpm encrypted_keys trusted CPU: 3 PID: 5266 Comm: kworker/u9:1 Tainted: G O 6.6.22 #0 Hardware name: Bananapi BPI-R4 (DT) Workqueue: md_hk_wq t7xx_fsm_uninit [mtk_t7xx] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx] lr : t7xx_cldma_start+0xac/0x13c [mtk_t7xx] sp : ffffffc085d63d30 x29: ffffffc085d63d30 x28: 0000000000000000 x27: 0000000000000000 x26: 0000000000000000 x25: ffffff80c804f2c0 x24: ffffff80ca196c05 x23: 0000000000000000 x22: ffffff80c814b9b8 x21: ffffff80c814b128 x20: 0000000000000001 x19: ffffff80c814b080 x18: 0000000000000014 x17: 0000000055c9806b x16: 000000007c5296d0 x15: 000000000f6bca68 x14: 00000000dbdbdce4 x13: 000000001aeaf72a x12: 0000000000000001 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : ffffff80ca1ef6b4 x7 : ffffff80c814b818 x6 : 0000000000000018 x5 : 0000000000000870 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 000000010a947000 x1 : ffffffc084a1d004 x0 : ffffffc084a1d004 Call trace: t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx] t7xx_fsm_uninit+0x578/0x5ec [mtk_t7xx] process_one_work+0x154/0x2a0 worker_thread+0x2ac/0x488 kthread+0xe0/0xec ret_from_fork+0x10/0x20 Code: f9400800 91001000 8b214001 d50332bf (f9000022) ---[ end trace 0000000000000000 ]--- The inclusion of io-64-nonatomic-lo-hi.h indicates that all 64bit accesses can be replaced by pairs of nonatomic 32bit access. Fix alignment by forcing all accesses to be 32bit on 64bit platforms. CVE-2024-35909 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35909.html CVE-2024-35909 https://bugzilla.suse.com/1224491 SUSE Bug 1224491 In the Linux kernel, the following vulnerability has been resolved: ice: fix memory corruption bug with suspend and rebuild The ice driver would previously panic after suspend. This is caused from the driver *only* calling the ice_vsi_free_q_vectors() function by itself, when it is suspending. Since commit b3e7b3a6ee92 ("ice: prevent NULL pointer deref during reload") the driver has zeroed out num_q_vectors, and only restored it in ice_vsi_cfg_def(). This further causes the ice_rebuild() function to allocate a zero length buffer, after which num_q_vectors is updated, and then the new value of num_q_vectors is used to index into the zero length buffer, which corrupts memory. The fix entails making sure all the code referencing num_q_vectors only does so after it has been reset via ice_vsi_cfg_def(). I didn't perform a full bisect, but I was able to test against 6.1.77 kernel and that ice driver works fine for suspend/resume with no panic, so sometime since then, this problem was introduced. Also clean up an un-needed init of a local variable in the function being modified. PANIC from 6.8.0-rc1: [1026674.915596] PM: suspend exit [1026675.664697] ice 0000:17:00.1: PTP reset successful [1026675.664707] ice 0000:17:00.1: 2755 msecs passed between update to cached PHC time [1026675.667660] ice 0000:b1:00.0: PTP reset successful [1026675.675944] ice 0000:b1:00.0: 2832 msecs passed between update to cached PHC time [1026677.137733] ixgbe 0000:31:00.0 ens787: NIC Link is Up 1 Gbps, Flow Control: None [1026677.190201] BUG: kernel NULL pointer dereference, address: 0000000000000010 [1026677.192753] ice 0000:17:00.0: PTP reset successful [1026677.192764] ice 0000:17:00.0: 4548 msecs passed between update to cached PHC time [1026677.197928] #PF: supervisor read access in kernel mode [1026677.197933] #PF: error_code(0x0000) - not-present page [1026677.197937] PGD 1557a7067 P4D 0 [1026677.212133] ice 0000:b1:00.1: PTP reset successful [1026677.212143] ice 0000:b1:00.1: 4344 msecs passed between update to cached PHC time [1026677.212575] [1026677.243142] Oops: 0000 [#1] PREEMPT SMP NOPTI [1026677.247918] CPU: 23 PID: 42790 Comm: kworker/23:0 Kdump: loaded Tainted: G W 6.8.0-rc1+ #1 [1026677.257989] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022 [1026677.269367] Workqueue: ice ice_service_task [ice] [1026677.274592] RIP: 0010:ice_vsi_rebuild_set_coalesce+0x130/0x1e0 [ice] [1026677.281421] Code: 0f 84 3a ff ff ff 41 0f b7 74 ec 02 66 89 b0 22 02 00 00 81 e6 ff 1f 00 00 e8 ec fd ff ff e9 35 ff ff ff 48 8b 43 30 49 63 ed <41> 0f b7 34 24 41 83 c5 01 48 8b 3c e8 66 89 b7 aa 02 00 00 81 e6 [1026677.300877] RSP: 0018:ff3be62a6399bcc0 EFLAGS: 00010202 [1026677.306556] RAX: ff28691e28980828 RBX: ff28691e41099828 RCX: 0000000000188000 [1026677.314148] RDX: 0000000000000000 RSI: 0000000000000010 RDI: ff28691e41099828 [1026677.321730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [1026677.329311] R10: 0000000000000007 R11: ffffffffffffffc0 R12: 0000000000000010 [1026677.336896] R13: 0000000000000000 R14: 0000000000000000 R15: ff28691e0eaa81a0 [1026677.344472] FS: 0000000000000000(0000) GS:ff28693cbffc0000(0000) knlGS:0000000000000000 [1026677.353000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1026677.359195] CR2: 0000000000000010 CR3: 0000000128df4001 CR4: 0000000000771ef0 [1026677.366779] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [1026677.374369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [1026677.381952] PKRU: 55555554 [1026677.385116] Call Trace: [1026677.388023] <TASK> [1026677.390589] ? __die+0x20/0x70 [1026677.394105] ? page_fault_oops+0x82/0x160 [1026677.398576] ? do_user_addr_fault+0x65/0x6a0 [1026677.403307] ? exc_page_fault+0x6a/0x150 [1026677.407694] ? asm_exc_page_fault+0x22/0x30 [1026677.412349] ? ice_vsi_rebuild_set_coalesce+0x130/0x1e0 [ice] [1026677.4186 ---truncated--- CVE-2024-35911 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35911.html CVE-2024-35911 https://bugzilla.suse.com/1224486 SUSE Bug 1224486 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup() fails, we still need to free the command response. Fix that. CVE-2024-35912 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35912.html CVE-2024-35912 https://bugzilla.suse.com/1224487 SUSE Bug 1224487 In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix error cleanup path in nfsd_rename() Commit a8b0026847b8 ("rename(): avoid a deadlock in the case of parents having no common ancestor") added an error bail out path. However this path does not drop the remount protection that has been acquired. Fix the cleanup path to properly drop the remount protection. CVE-2024-35914 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35914.html CVE-2024-35914 https://bugzilla.suse.com/1224482 SUSE Bug 1224482 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded. This patch resolved this issue by checking payload size before calling each message type handler codes. CVE-2024-35915 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35915.html CVE-2024-35915 https://bugzilla.suse.com/1224479 SUSE Bug 1224479 In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fix NULL pointer dereference in sanitycheck() If due to a memory allocation failure mock_chain() returns NULL, it is passed to dma_fence_enable_sw_signaling() resulting in NULL pointer dereference there. Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-35916 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35916.html CVE-2024-35916 https://bugzilla.suse.com/1224480 SUSE Bug 1224480 In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow. It is necessary to prevent division by zero like in fb_var_to_videomode(). Found by Linux Verification Center (linuxtesting.org) with Svace. CVE-2024-35922 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35922.html CVE-2024-35922 https://bugzilla.suse.com/1224660 SUSE Bug 1224660 In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to use the read UCSI version to truncate read sizes on UCSI v1.2. CVE-2024-35924 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35924.html CVE-2024-35924 https://bugzilla.suse.com/1224657 SUSE Bug 1224657 In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() calls, that re the callers of these functions, avoid invoking them if polling is not initialized. For drivers like hyperv-drm, that do not initialize connector polling, if suspend is called without this check, it leads to suspend failure with following stack [ 770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 770.720592] printk: Suspending console(s) (use no_console_suspend to debug) [ 770.948823] ------------[ cut here ]------------ [ 770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230 [ 770.948831] Modules linked in: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms_helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct10dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod [ 770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el9_3.x86_64 #1 [ 770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230 [ 770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff <0f> 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00 [ 770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246 [ 770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857 [ 770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330 [ 770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10 [ 770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330 [ 770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 770.948875] FS: 00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000 [ 770.948878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0 [ 770.948879] Call Trace: [ 770.948880] <TASK> [ 770.948881] ? show_trace_log_lvl+0x1c4/0x2df [ 770.948884] ? show_trace_log_lvl+0x1c4/0x2df [ 770.948886] ? __cancel_work_timer+0x103/0x190 [ 770.948887] ? __flush_work.isra.0+0x212/0x230 [ 770.948889] ? __warn+0x81/0x110 [ 770.948891] ? __flush_work.isra.0+0x212/0x230 [ 770.948892] ? report_bug+0x10a/0x140 [ 770.948895] ? handle_bug+0x3c/0x70 [ 770.948898] ? exc_invalid_op+0x14/0x70 [ 770.948899] ? asm_exc_invalid_op+0x16/0x20 [ 770.948903] ? __flush_work.isra.0+0x212/0x230 [ 770.948905] __cancel_work_timer+0x103/0x190 [ 770.948907] ? _raw_spin_unlock_irqrestore+0xa/0x30 [ 770.948910] drm_kms_helper_poll_disable+0x1e/0x40 [drm_kms_helper] [ 770.948923] drm_mode_config_helper_suspend+0x1c/0x80 [drm_kms_helper] [ 770.948933] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [ 770.948942] hyperv_vmbus_suspend+0x17/0x40 [hyperv_drm] [ 770.948944] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [ 770.948951] dpm_run_callback+0x4c/0x140 [ 770.948954] __device_suspend_noir ---truncated--- CVE-2024-35927 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35927.html CVE-2024-35927 https://bugzilla.suse.com/1224654 SUSE Bug 1224654 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-35928 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35928.html CVE-2024-35928 https://bugzilla.suse.com/1224653 SUSE Bug 1224653 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an unsuccessful status. In such cases, the elsiocb is not issued, the completion is not called, and thus the elsiocb resource is leaked. Check return value after calling lpfc_sli4_resume_rpi() and conditionally release the elsiocb resource. CVE-2024-35930 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35930.html CVE-2024-35930 https://bugzilla.suse.com/1224651 SUSE Bug 1224651 In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane->state->fb == state->fb Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G C 6.1.66-v8+ #32 [ 110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.909132] pc : refcount_dec_not_one+0xb8/0xc0 [ 110.909152] lr : refcount_dec_not_one+0xb4/0xc0 [ 110.909170] sp : ffffffc00913b9c0 [ 110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60 [ 110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480 [ 110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78 [ 110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000 [ 110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004 [ 110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003 [ 110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00 [ 110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572 [ 110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000 [ 110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001 [ 110.909434] Call trace: [ 110.909441] refcount_dec_not_one+0xb8/0xc0 [ 110.909461] vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4] [ 110.909903] vc4_cleanup_fb+0x44/0x50 [vc4] [ 110.910315] drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper] [ 110.910669] vc4_atomic_commit_tail+0x390/0x9dc [vc4] [ 110.911079] commit_tail+0xb0/0x164 [drm_kms_helper] [ 110.911397] drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper] [ 110.911716] drm_atomic_commit+0xb0/0xdc [drm] [ 110.912569] drm_mode_atomic_ioctl+0x348/0x4b8 [drm] [ 110.913330] drm_ioctl_kernel+0xec/0x15c [drm] [ 110.914091] drm_ioctl+0x24c/0x3b0 [drm] [ 110.914850] __arm64_sys_ioctl+0x9c/0xd4 [ 110.914873] invoke_syscall+0x4c/0x114 [ 110.914897] el0_svc_common+0xd0/0x118 [ 110.914917] do_el0_svc+0x38/0xd0 [ 110.914936] el0_svc+0x30/0x8c [ 110.914958] el0t_64_sync_handler+0x84/0xf0 [ 110.914979] el0t_64_sync+0x18c/0x190 [ 110.914996] ---[ end trace 0000000000000000 ]--- This happens because, although `prepare_fb` and `cleanup_fb` are perfectly balanced, we cannot guarantee consistency in the check plane->state->fb == state->fb. This means that sometimes we can increase the refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The opposite can also be true. In fact, the struct drm_plane .state shouldn't be accessed directly but instead, the `drm_atomic_get_new_plane_state()` helper function should be used. So, we could stick to this check, but using `drm_atomic_get_new_plane_state()`. But actually, this check is not re ---truncated--- CVE-2024-35932 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35932.html CVE-2024-35932 https://bugzilla.suse.com/1224650 SUSE Bug 1224650 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintel_read_version If hci_cmd_sync_complete() is triggered and skb is NULL, then hdev->req_skb is NULL, which will cause this issue. CVE-2024-35933 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35933.html CVE-2024-35933 https://bugzilla.suse.com/1224640 SUSE Bug 1224640 In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption, as it could be caused only by two impossible conditions: - at first the search key is set up to look for a chunk tree item, with offset -1, this is an inexact search and the key->offset will contain the correct offset upon a successful search, a valid chunk tree item cannot have an offset -1 - after first successful search, the found_key corresponds to a chunk item, the offset is decremented by 1 before the next loop, it's impossible to find a chunk item there due to alignment and size constraints CVE-2024-35936 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35936.html CVE-2024-35936 https://bugzilla.suse.com/1224644 SUSE Bug 1224644 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more careful and check if the subframe header can even be present. CVE-2024-35937 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35937.html CVE-2024-35937 https://bugzilla.suse.com/1224526 SUSE Bug 1224526 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buf_len field of ath11k_mhi_config_qca6390 is assigned with 0, making MHI use a default size, 64KB, to allocate channel buffers. This is likely to fail in some scenarios where system memory is highly fragmented and memory compaction or reclaim is not allowed. There is a fail report which is caused by it: kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfceb Workqueue: events_unbound async_run_entry_fn Call Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Actually those buffers are used only by QMI target -> host communication. And for WCN6855 and QCA6390, the largest packet size for that is less than 6KB. So change buf_len field to 8KB, which results in order 1 allocation if page size is 4KB. In this way, we can at least save some memory, and as well as decrease the possibility of allocation failure in those scenarios. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 CVE-2024-35938 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35938.html CVE-2024-35938 https://bugzilla.suse.com/1224643 SUSE Bug 1224643 In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. CVE-2024-35940 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35940.html CVE-2024-35940 https://bugzilla.suse.com/1224537 SUSE Bug 1224537 In the Linux kernel, the following vulnerability has been resolved: net: phy: phy_device: Prevent nullptr exceptions on ISR If phydev->irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent nullptr exceptions in interrupt service routine. CVE-2024-35945 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35945.html CVE-2024-35945 https://bugzilla.suse.com/1224639 SUSE Bug 1224639 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan During cancel scan we might use vif that weren't scanning. Fix this by using the actual scanning vif. CVE-2024-35946 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35946.html CVE-2024-35946 https://bugzilla.suse.com/1224646 SUSE Bug 1224646 In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead. CVE-2024-35947 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35947.html CVE-2024-35947 https://bugzilla.suse.com/1224647 SUSE Bug 1224647 In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend modes[] the same protection or by the time we use it the elements may already be pointing to freed/reused memory. CVE-2024-35950 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35950.html CVE-2024-35950 https://bugzilla.suse.com/1224703 SUSE Bug 1224703 https://bugzilla.suse.com/1225310 SUSE Bug 1225310 In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Subject: [PATCH] drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() If some the pages or sgt allocation failed, we shouldn't release the pages ref we got earlier, otherwise we will end up with unbalanced get/put_pages() calls. We should instead leave everything in place and let the BO release function deal with extra cleanup when the object is destroyed, or let the fault handler try again next time it's called. CVE-2024-35951 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35951.html CVE-2024-35951 https://bugzilla.suse.com/1224701 SUSE Bug 1224701 In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by a MCU, named DPMCU, in BMC. These scratch registers are protected by scu-lock. If suc-lock is not off, DPMCU can not update these registers and then host will have soft lockup due to never updated status. DPMCU is used to control DP and relative registers to handshake with host's VGA driver. Even the most time-consuming task, DP's link training, is less than 100ms. 200ms should be enough. CVE-2024-35952 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35952.html CVE-2024-35952 https://bugzilla.suse.com/1224705 SUSE Bug 1224705 In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in context_xa ivpu_device->context_xa is locked both in kernel thread and IRQ context. It requires XA_FLAGS_LOCK_IRQ flag to be passed during initialization otherwise the lock could be acquired from a thread and interrupted by an IRQ that locks it for the second time causing the deadlock. This deadlock was reported by lockdep and observed in internal tests. CVE-2024-35953 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35953.html CVE-2024-35953 https://bugzilla.suse.com/1224704 SUSE Bug 1224704 In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. The resulting NULL pointer exception will then crash the kernel. CVE-2024-35954 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35954.html CVE-2024-35954 https://bugzilla.suse.com/1224675 SUSE Bug 1224675 In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succeeded but the next one is failed because module->state becomes MODULE_STATE_UNFORMED between those operations. In `check_kprobe_address_safe()`, if the second `__module_text_address()` is failed, that is ignored because it expected a kernel_text address. But it may have failed simply because module->state has been changed to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify non-exist module text address (use-after-free). To fix this problem, we should not use separated `is_module_text_address()` and `__module_text_address()`, but use only `__module_text_address()` once and do `try_module_get(module)` which is only available with MODULE_STATE_LIVE. CVE-2024-35955 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35955.html CVE-2024-35955 https://bugzilla.suse.com/1224676 SUSE Bug 1224676 In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or XDP_TX instructions The ena_free_tx_bufs() cycles through all descriptors in a TX queue and unmaps + frees every descriptor that hasn't been acknowledged yet by the device (uncompleted TX transactions). The function assumes that the processed TX queue is necessarily from the first category listed above and ends up using napi_consume_skb() for descriptors belonging to an XDP specific queue. This patch solves a bug in which, in case of a VF reset, the descriptors aren't freed correctly, leading to crashes. CVE-2024-35958 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35958.html CVE-2024-35958 https://bugzilla.suse.com/1224677 SUSE Bug 1224677 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5e_priv_init() cleanup flow When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which calls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using lockdep_is_held(). Acquire the state_lock in mlx5e_selq_cleanup(). Kernel log: ============================= WARNING: suspicious RCU usage 6.8.0-rc3_net_next_841a9b5 #1 Not tainted ----------------------------- drivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by systemd-modules/293: #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core] #1: ffff8881096c65c0 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core] stack backtrace: CPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3_net_next_841a9b5 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x8a/0xa0 lockdep_rcu_suspicious+0x154/0x1a0 mlx5e_selq_apply+0x94/0xa0 [mlx5_core] mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core] mlx5e_priv_init+0x2be/0x2f0 [mlx5_core] mlx5_rdma_setup_rn+0x7c/0x1a0 [mlx5_core] rdma_init_netdev+0x4e/0x80 [ib_core] ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core] ipoib_intf_init+0x64/0x550 [ib_ipoib] ipoib_intf_alloc+0x4e/0xc0 [ib_ipoib] ipoib_add_one+0xb0/0x360 [ib_ipoib] add_client_context+0x112/0x1c0 [ib_core] ib_register_client+0x166/0x1b0 [ib_core] ? 0xffffffffa0573000 ipoib_init_module+0xeb/0x1a0 [ib_ipoib] do_one_initcall+0x61/0x250 do_init_module+0x8a/0x270 init_module_from_file+0x8b/0xd0 idempotent_init_module+0x17d/0x230 __x64_sys_finit_module+0x61/0xb0 do_syscall_64+0x71/0x140 entry_SYSCALL_64_after_hwframe+0x46/0x4e </TASK> CVE-2024-35959 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35959.html CVE-2024-35959 https://bugzilla.suse.com/1224666 SUSE Bug 1224666 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules instead of creating new ones. These two behaviors can result in a situation where create_flow_handle 1) creates a new rule and references it, then 2) in a subsequent step during the same handle creation references it again, resulting in a rule with a refcount of 2 that is not linked into the tree, will have a NULL parent and root and will result in a crash when the flow group is deleted because del_sw_hw_rule, invoked on rule deletion, assumes node->parent is != NULL. This happened in the wild, due to another bug related to incorrect handling of duplicate pkt_reformat ids, which lead to the code in create_flow_handle incorrectly referencing a just-added rule in the same flow handle, resulting in the problem described above. Full details are at [1]. This patch changes add_rule_fg to add new rules without parents into the tree, properly initializing them and avoiding the crash. This makes it more consistent with how rules are added to an FTE in create_flow_handle. CVE-2024-35960 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35960.html CVE-2024-35960 https://bugzilla.suse.com/1224588 SUSE Bug 1224588 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Register devlink first under devlink lock In case device is having a non fatal FW error during probe, the driver will report the error to user via devlink. This will trigger a WARN_ON, since mlx5 is calling devlink_register() last. In order to avoid the WARN_ON[1], change mlx5 to invoke devl_register() first under devlink lock. [1] WARNING: CPU: 5 PID: 227 at net/devlink/health.c:483 devlink_recover_notify.constprop.0+0xb8/0xc0 CPU: 5 PID: 227 Comm: kworker/u16:3 Not tainted 6.4.0-rc5_for_upstream_min_debug_2023_06_12_12_38 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5_health0000:08:00.0 mlx5_fw_reporter_err_work [mlx5_core] RIP: 0010:devlink_recover_notify.constprop.0+0xb8/0xc0 Call Trace: <TASK> ? __warn+0x79/0x120 ? devlink_recover_notify.constprop.0+0xb8/0xc0 ? report_bug+0x17c/0x190 ? handle_bug+0x3c/0x60 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? devlink_recover_notify.constprop.0+0xb8/0xc0 devlink_health_report+0x4a/0x1c0 mlx5_fw_reporter_err_work+0xa4/0xd0 [mlx5_core] process_one_work+0x1bb/0x3c0 ? process_one_work+0x3c0/0x3c0 worker_thread+0x4d/0x3c0 ? process_one_work+0x3c0/0x3c0 kthread+0xc6/0xf0 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 </TASK> CVE-2024-35961 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35961.html CVE-2024-35961 https://bugzilla.suse.com/1224585 SUSE Bug 1224585 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input Check user input length before copying data. CVE-2024-35963 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35963.html CVE-2024-35963 https://bugzilla.suse.com/1224582 SUSE Bug 1224582 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. CVE-2024-35965 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35965.html CVE-2024-35965 https://bugzilla.suse.com/1224579 SUSE Bug 1224579 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673 Read of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064 CVE-2024-35966 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35966.html CVE-2024-35966 https://bugzilla.suse.com/1224576 SUSE Bug 1224576 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90 net/bluetooth/sco.c:893 Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578 CVE-2024-35967 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35967.html CVE-2024-35967 https://bugzilla.suse.com/1224587 SUSE Bug 1224587 In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang The ks8851_irq() thread may call ks8851_rx_pkts() in case there are any packets in the MAC FIFO, which calls netif_rx(). This netif_rx() implementation is guarded by local_bh_disable() and local_bh_enable(). The local_bh_enable() may call do_softirq() to run softirqs in case any are pending. One of the softirqs is net_rx_action, which ultimately reaches the driver .start_xmit callback. If that happens, the system hangs. The entire call chain is below: ks8851_start_xmit_par from netdev_start_xmit netdev_start_xmit from dev_hard_start_xmit dev_hard_start_xmit from sch_direct_xmit sch_direct_xmit from __dev_queue_xmit __dev_queue_xmit from __neigh_update __neigh_update from neigh_update neigh_update from arp_process.constprop.0 arp_process.constprop.0 from __netif_receive_skb_one_core __netif_receive_skb_one_core from process_backlog process_backlog from __napi_poll.constprop.0 __napi_poll.constprop.0 from net_rx_action net_rx_action from __do_softirq __do_softirq from call_with_stack call_with_stack from do_softirq do_softirq from __local_bh_enable_ip __local_bh_enable_ip from netif_rx netif_rx from ks8851_irq ks8851_irq from irq_thread_fn irq_thread_fn from irq_thread irq_thread from kthread kthread from ret_from_fork The hang happens because ks8851_irq() first locks a spinlock in ks8851_par.c ks8851_lock_par() spin_lock_irqsave(&ksp->lock, ...) and with that spinlock locked, calls netif_rx(). Once the execution reaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again which attempts to claim the already locked spinlock again, and the hang happens. Move the do_softirq() call outside of the spinlock protected section of ks8851_irq() by disabling BHs around the entire spinlock protected section of ks8851_irq() handler. Place local_bh_enable() outside of the spinlock protected section, so that it can trigger do_softirq() without the ks8851_par.c ks8851_lock_par() spinlock being held, and safely call ks8851_start_xmit_par() without attempting to lock the already locked spinlock. Since ks8851_irq() is protected by local_bh_disable()/local_bh_enable() now, replace netif_rx() with __netif_rx() which is not duplicating the local_bh_disable()/local_bh_enable() calls. CVE-2024-35971 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35971.html CVE-2024-35971 https://bugzilla.suse.com/1224578 SUSE Bug 1224578 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation. CVE-2024-35972 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35972.html CVE-2024-35972 https://bugzilla.suse.com/1224577 SUSE Bug 1224577 In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true), pskb_inet_may_pull() is only using skb->protocol. If anything else than ETH_P_IPV6 or ETH_P_IP is found in skb->protocol, pskb_inet_may_pull() does nothing at all. If a vlan tag was provided by the caller (af_packet in the syzbot case), the network header might not point to the correct location, and skb linear part could be smaller than expected. Add skb_vlan_inet_prepare() to perform a complete mac validation. Use this in geneve for the moment, I suspect we need to adopt this more broadly. v4 - Jakub reported v3 broke l2_tos_ttl_inherit.sh selftest - Only call __vlan_get_protocol() for vlan types. v2,v3 - Addressed Sabrina comments on v1 and v2 [1] BUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline] BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 geneve_xmit_skb drivers/net/geneve.c:910 [inline] geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 __netdev_start_xmit include/linux/netdevice.h:4903 [inline] netdev_start_xmit include/linux/netdevice.h:4917 [inline] xmit_one net/core/dev.c:3531 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547 __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335 dev_queue_xmit include/linux/netdevice.h:3091 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3081 [inline] packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1318 [inline] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 packet_alloc_skb net/packet/af_packet.c:2930 [inline] packet_snd net/packet/af_packet.c:3024 [inline] packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 CPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 CVE-2024-35973 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35973.html CVE-2024-35973 https://bugzilla.suse.com/1224586 SUSE Bug 1224586 In the Linux kernel, the following vulnerability has been resolved: block: fix q->blkg_list corruption during disk rebind Multiple gendisk instances can allocated/added for single request queue in case of disk rebind. blkg may still stay in q->blkg_list when calling blkcg_init_disk() for rebind, then q->blkg_list becomes corrupted. Fix the list corruption issue by: - add blkg_init_queue() to initialize q->blkg_list & q->blkcg_mutex only - move calling blkg_init_queue() into blk_alloc_queue() The list corruption should be started since commit f1c006f1c685 ("blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()") which delays removing blkg from q->blkg_list into blkg_free_workfn(). CVE-2024-35974 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35974.html CVE-2024-35974 https://bugzilla.suse.com/1224573 SUSE Bug 1224573 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix transmit scheduler resource leak Inorder to support shaping and scheduling, Upon class creation Netdev driver allocates trasmit schedulers. The previous patch which added support for Round robin scheduling has a bug due to which driver is not freeing transmit schedulers post class deletion. This patch fixes the same. CVE-2024-35975 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35975.html CVE-2024-35975 https://bugzilla.suse.com/1224569 SUSE Bug 1224569 In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_uart: properly fix race condition The cros_ec_uart_probe() function calls devm_serdev_device_open() before it calls serdev_device_set_client_ops(). This can trigger a NULL pointer dereference: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace: <TASK> ... ? ttyport_receive_buf A simplified version of crashing code is as follows: static inline size_t serdev_controller_receive_buf(struct serdev_controller *ctrl, const u8 *data, size_t count) { struct serdev_device *serdev = ctrl->serdev; if (!serdev || !serdev->ops->receive_buf) // CRASH! return 0; return serdev->ops->receive_buf(serdev, data, count); } It assumes that if SERPORT_ACTIVE is set and serdev exists, serdev->ops will also exist. This conflicts with the existing cros_ec_uart_probe() logic, as it first calls devm_serdev_device_open() (which sets SERPORT_ACTIVE), and only later sets serdev->ops via serdev_device_set_client_ops(). Commit 01f95d42b8f4 ("platform/chrome: cros_ec_uart: fix race condition") attempted to fix a similar race condition, but while doing so, made the window of error for this race condition to happen much wider. Attempt to fix the race condition again, making sure we fully setup before calling devm_serdev_device_open(). CVE-2024-35977 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35977.html CVE-2024-35977 https://bugzilla.suse.com/1224568 SUSE Bug 1224568 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hci_req_sync_complete() In 'hci_req_sync_complete()', always free the previous sync request state before assigning reference to a new one. CVE-2024-35978 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35978.html CVE-2024-35978 https://bugzilla.suse.com/1224571 SUSE Bug 1224571 In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a single packet. But if the MTU becomes too low to transmit even the header + the VLAN specific part then the resizing of the local TT will never succeed. This can for example happen when the usable space is 110 bytes and 11 VLANs are on top of batman-adv. In this case, at least 116 byte would be needed. There will just be an endless spam of batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110) in the log but the function will never finish. Problem here is that the timeout will be halved all the time and will then stagnate at 0 and therefore never be able to reduce the table even more. There are other scenarios possible with a similar result. The number of BATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too high to fit inside a packet. Such a scenario can therefore happen also with only a single VLAN + 7 non-purgable addresses - requiring at least 120 bytes. While this should be handled proactively when: * interface with too low MTU is added * VLAN is added * non-purgeable local mac is added * MTU of an attached interface is reduced * fragmentation setting gets disabled (which most likely requires dropping attached interfaces) not all of these scenarios can be prevented because batman-adv is only consuming events without the the possibility to prevent these actions (non-purgable MAC address added, MTU of an attached interface is reduced). It is therefore necessary to also make sure that the code is able to handle also the situations when there were already incompatible system configuration are present. CVE-2024-35982 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35982.html CVE-2024-35982 https://bugzilla.suse.com/1224566 SUSE Bug 1224566 In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer. [wsa: dropped the simplification in core-smbus to avoid theoretical regressions] CVE-2024-35984 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35984.html CVE-2024-35984 https://bugzilla.suse.com/1224567 SUSE Bug 1224567 In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The power_supply frame-work is not really designed for there to be long living in kernel references to power_supply devices. Specifically unregistering a power_supply while some other code has a reference to it triggers a WARN in power_supply_unregister(): WARN_ON(atomic_dec_return(&psy->use_cnt)); Folllowed by the power_supply still getting removed and the backing data freed anyway, leaving the tusb1210 charger-detect code with a dangling reference, resulting in a crash the next time tusb1210_get_online() is called. Fix this by only holding the reference in tusb1210_get_online() freeing it at the end of the function. Note this still leaves a theoretical race window, but it avoids the issue when manually rmmod-ing the charger chip driver during development. CVE-2024-35986 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35986.html CVE-2024-35986 https://bugzilla.suse.com/1224562 SUSE Bug 1224562 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops: BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 1470e1067 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57 Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 RIP: 0010:mutex_lock+0x2e/0x50 ... Call Trace: <TASK> __die+0x24/0x70 page_fault_oops+0x82/0x160 do_user_addr_fault+0x65/0x6b0 __pfx___rdmsr_safe_on_cpu+0x10/0x10 exc_page_fault+0x7d/0x170 asm_exc_page_fault+0x26/0x30 mutex_lock+0x2e/0x50 mutex_lock+0x1e/0x50 perf_pmu_migrate_context+0x87/0x1f0 perf_event_cpu_offline+0x76/0x90 [idxd] cpuhp_invoke_callback+0xa2/0x4f0 __pfx_perf_event_cpu_offline+0x10/0x10 [idxd] cpuhp_thread_fun+0x98/0x150 smpboot_thread_fn+0x27/0x260 smpboot_thread_fn+0x1af/0x260 __pfx_smpboot_thread_fn+0x10/0x10 kthread+0x103/0x140 __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 <TASK> Fix the issue by preventing the migration of the perf context to an invalid target. CVE-2024-35989 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35989.html CVE-2024-35989 https://bugzilla.suse.com/1224558 SUSE Bug 1224558 In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ 31.077578] ------------[ cut here ]------------ [ 31.077831] WARNING: CPU: 2 PID: 40 at drivers/dma/xilinx/xilinx_dpdma.c:834 xilinx_dpdma_chan_queue_transfer+0x274/0x5e0 [ 31.077953] Modules linked in: [ 31.078019] CPU: 2 PID: 40 Comm: kworker/u12:1 Not tainted 6.6.20+ #98 [ 31.078102] Hardware name: xlnx,zynqmp (DT) [ 31.078169] Workqueue: events_unbound deferred_probe_work_func [ 31.078272] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 31.078377] pc : xilinx_dpdma_chan_queue_transfer+0x274/0x5e0 [ 31.078473] lr : xilinx_dpdma_chan_queue_transfer+0x270/0x5e0 [ 31.078550] sp : ffffffc083bb2e10 [ 31.078590] x29: ffffffc083bb2e10 x28: 0000000000000000 x27: ffffff880165a168 [ 31.078754] x26: ffffff880164e920 x25: ffffff880164eab8 x24: ffffff880164d480 [ 31.078920] x23: ffffff880165a148 x22: ffffff880164e988 x21: 0000000000000000 [ 31.079132] x20: ffffffc082aa3000 x19: ffffff880164e880 x18: 0000000000000000 [ 31.079295] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 31.079453] x14: 0000000000000000 x13: ffffff8802263dc0 x12: 0000000000000001 [ 31.079613] x11: 0001ffc083bb2e34 x10: 0001ff880164e98f x9 : 0001ffc082aa3def [ 31.079824] x8 : 0001ffc082aa3dec x7 : 0000000000000000 x6 : 0000000000000516 [ 31.079982] x5 : ffffffc7f8d43000 x4 : ffffff88003c9c40 x3 : ffffffffffffffff [ 31.080147] x2 : ffffffc7f8d43000 x1 : 00000000000000c0 x0 : 0000000000000000 [ 31.080307] Call trace: [ 31.080340] xilinx_dpdma_chan_queue_transfer+0x274/0x5e0 [ 31.080518] xilinx_dpdma_issue_pending+0x11c/0x120 [ 31.080595] zynqmp_disp_layer_update+0x180/0x3ac [ 31.080712] zynqmp_dpsub_plane_atomic_update+0x11c/0x21c [ 31.080825] drm_atomic_helper_commit_planes+0x20c/0x684 [ 31.080951] drm_atomic_helper_commit_tail+0x5c/0xb0 [ 31.081139] commit_tail+0x234/0x294 [ 31.081246] drm_atomic_helper_commit+0x1f8/0x210 [ 31.081363] drm_atomic_commit+0x100/0x140 [ 31.081477] drm_client_modeset_commit_atomic+0x318/0x384 [ 31.081634] drm_client_modeset_commit_locked+0x8c/0x24c [ 31.081725] drm_client_modeset_commit+0x34/0x5c [ 31.081812] __drm_fb_helper_restore_fbdev_mode_unlocked+0x104/0x168 [ 31.081899] drm_fb_helper_set_par+0x50/0x70 [ 31.081971] fbcon_init+0x538/0xc48 [ 31.082047] visual_init+0x16c/0x23c [ 31.082207] do_bind_con_driver.isra.0+0x2d0/0x634 [ 31.082320] do_take_over_console+0x24c/0x33c [ 31.082429] do_fbcon_takeover+0xbc/0x1b0 [ 31.082503] fbcon_fb_registered+0x2d0/0x34c [ 31.082663] register_framebuffer+0x27c/0x38c [ 31.082767] __drm_fb_helper_initial_config_and_unlock+0x5c0/0x91c [ 31.082939] drm_fb_helper_initial_config+0x50/0x74 [ 31.083012] drm_fbdev_dma_client_hotplug+0xb8/0x108 [ 31.083115] drm_client_register+0xa0/0xf4 [ 31.083195] drm_fbdev_dma_setup+0xb0/0x1cc [ 31.083293] zynqmp_dpsub_drm_init+0x45c/0x4e0 [ 31.083431] zynqmp_dpsub_probe+0x444/0x5e0 [ 31.083616] platform_probe+0x8c/0x13c [ 31.083713] really_probe+0x258/0x59c [ 31.083793] __driver_probe_device+0xc4/0x224 [ 31.083878] driver_probe_device+0x70/0x1c0 [ 31.083961] __device_attach_driver+0x108/0x1e0 [ 31.084052] bus_for_each_drv+0x9c/0x100 [ 31.084125] __device_attach+0x100/0x298 [ 31.084207] device_initial_probe+0x14/0x20 [ 31.084292] bus_probe_device+0xd8/0xdc [ 31.084368] deferred_probe_work_func+0x11c/0x180 [ 31.084451] process_one_work+0x3ac/0x988 [ 31.084643] worker_thread+0x398/0x694 [ 31.084752] kthread+0x1bc/0x1c0 [ 31.084848] ret_from_fork+0x10/0x20 [ 31.084932] irq event stamp: 64549 [ 31.084970] hardirqs last enabled at (64548): [<ffffffc081adf35c>] _raw_spin_unlock_irqrestore+0x80/0x90 [ 31.085157] ---truncated--- CVE-2024-35990 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35990.html CVE-2024-35990 https://bugzilla.suse.com/1224559 SUSE Bug 1224559 In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of bounds read There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr' every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'. Make sure 'gbe_phy_init[addr]' is used when all elements of 'gbe_phy_init_fix' array are handled. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2024-35992 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35992.html CVE-2024-35992 https://bugzilla.suse.com/1224555 SUSE Bug 1224555 In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : cppc_get_perf_caps+0xec/0x410 lr : cppc_get_perf_caps+0xe8/0x410 sp : ffff8000155ab730 x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078 x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000 x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008 x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006 x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028 x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000 Kernel panic - not syncing: Asynchronous SError Interrupt CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION Call trace: dump_backtrace+0x0/0x1e0 show_stack+0x24/0x30 dump_stack_lvl+0x8c/0xb8 dump_stack+0x18/0x34 panic+0x16c/0x384 add_taint+0x0/0xc0 arm64_serror_panic+0x7c/0x90 arm64_is_fatal_ras_serror+0x34/0xa4 do_serror+0x50/0x6c el1h_64_error_handler+0x40/0x74 el1h_64_error+0x7c/0x80 cppc_get_perf_caps+0xec/0x410 cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq] cpufreq_online+0x2dc/0xa30 cpufreq_add_dev+0xc0/0xd4 subsys_interface_register+0x134/0x14c cpufreq_register_driver+0x1b0/0x354 cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq] do_one_initcall+0x50/0x250 do_init_module+0x60/0x27c load_module+0x2300/0x2570 __do_sys_finit_module+0xa8/0x114 __arm64_sys_finit_module+0x2c/0x3c invoke_syscall+0x78/0x100 el0_svc_common.constprop.0+0x180/0x1a0 do_el0_svc+0x84/0xa0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0xa4/0x12c el0t_64_sync+0x1a4/0x1a8 Instead, use access_width to determine the size and use the offset and width to shift and mask the bits to read/write out. Make sure to add a check for system memory since pcc redefines the access_width to subspace id. If access_width is not set, then fall back to using bit_width. [ rjw: Subject and changelog edits, comment adjustments ] CVE-2024-35995 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35995.html CVE-2024-35995 https://bugzilla.suse.com/1224557 SUSE Bug 1224557 In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. CVE-2024-35997 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-35997.html CVE-2024-35997 https://bugzilla.suse.com/1224552 SUSE Bug 1224552 In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_pin_on_pin_register() for multiple parent pins In scenario where pin is registered with multiple parent pins via dpll_pin_on_pin_register(..), all belonging to the same dpll device. A second call to dpll_pin_on_pin_unregister(..) would cause a call trace, as it tries to use already released registration resources (due to fix introduced in b446631f355e). In this scenario pin was registered twice, so resources are not yet expected to be release until each registered pin/pin pair is unregistered. Currently, the following crash/call trace is produced when ice driver is removed on the system with installed E810T NIC which includes dpll device: WARNING: CPU: 51 PID: 9155 at drivers/dpll/dpll_core.c:809 dpll_pin_ops+0x20/0x30 RIP: 0010:dpll_pin_ops+0x20/0x30 Call Trace: ? __warn+0x7f/0x130 ? dpll_pin_ops+0x20/0x30 dpll_msg_add_pin_freq+0x37/0x1d0 dpll_cmd_pin_get_one+0x1c0/0x400 ? __nlmsg_put+0x63/0x80 dpll_pin_event_send+0x93/0x140 dpll_pin_on_pin_unregister+0x3f/0x100 ice_dpll_deinit_pins+0xa1/0x230 [ice] ice_remove+0xf1/0x210 [ice] Fix by adding a parent pointer as a cookie when creating a registration, also when searching for it. For the regular pins pass NULL, this allows to create separated registration for each parent the pin is registered with. CVE-2024-36002 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36002.html CVE-2024-36002 https://bugzilla.suse.com/1224546 SUSE Bug 1224546 In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue The dev_tracker is added to ax25_cb in ax25_bind(). When the ax25 device is detaching, the dev_tracker of ax25_cb should be deallocated in ax25_kill_by_device() instead of the dev_tracker of ax25_dev. The log reported by ref_tracker is shown below: [ 80.884935] ref_tracker: reference already released. [ 80.885150] ref_tracker: allocated in: [ 80.885349] ax25_dev_device_up+0x105/0x540 [ 80.885730] ax25_device_event+0xa4/0x420 [ 80.885730] notifier_call_chain+0xc9/0x1e0 [ 80.885730] __dev_notify_flags+0x138/0x280 [ 80.885730] dev_change_flags+0xd7/0x180 [ 80.885730] dev_ifsioc+0x6a9/0xa30 [ 80.885730] dev_ioctl+0x4d8/0xd90 [ 80.885730] sock_do_ioctl+0x1c2/0x2d0 [ 80.885730] sock_ioctl+0x38b/0x4f0 [ 80.885730] __se_sys_ioctl+0xad/0xf0 [ 80.885730] do_syscall_64+0xc4/0x1b0 [ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 80.885730] ref_tracker: freed in: [ 80.885730] ax25_device_event+0x272/0x420 [ 80.885730] notifier_call_chain+0xc9/0x1e0 [ 80.885730] dev_close_many+0x272/0x370 [ 80.885730] unregister_netdevice_many_notify+0x3b5/0x1180 [ 80.885730] unregister_netdev+0xcf/0x120 [ 80.885730] sixpack_close+0x11f/0x1b0 [ 80.885730] tty_ldisc_kill+0xcb/0x190 [ 80.885730] tty_ldisc_hangup+0x338/0x3d0 [ 80.885730] __tty_hangup+0x504/0x740 [ 80.885730] tty_release+0x46e/0xd80 [ 80.885730] __fput+0x37f/0x770 [ 80.885730] __x64_sys_close+0x7b/0xb0 [ 80.885730] do_syscall_64+0xc4/0x1b0 [ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 80.893739] ------------[ cut here ]------------ [ 80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0 [ 80.894297] Modules linked in: [ 80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11 [ 80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4 [ 80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0 [ 80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9 [ 80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286 [ 80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000 [ 80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518 [ 80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a [ 80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4 [ 80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518 [ 80.898279] FS: 00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000 [ 80.899436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0 ... [ 80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at [ 80.935774] ax25_bind+0x424/0x4e0 [ 80.935774] __sys_bind+0x1d9/0x270 [ 80.935774] __x64_sys_bind+0x75/0x80 [ 80.935774] do_syscall_64+0xc4/0x1b0 [ 80.935774] entry_SYSCALL_64_after_hwframe+0x67/0x6f Change ax25_dev->dev_tracker to the dev_tracker of ax25_cb in order to mitigate the bug. CVE-2024-36009 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36009.html CVE-2024-36009 https://bugzilla.suse.com/1224542 SUSE Bug 1224542 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt(). CVE-2024-36011 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36011.html CVE-2024-36011 https://bugzilla.suse.com/1225579 SUSE Bug 1225579 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed. [free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed. ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309 CVE-2024-36012 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36012.html CVE-2024-36012 https://bugzilla.suse.com/1225502 SUSE Bug 1225502 In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset. CVE-2024-36014 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36014.html CVE-2024-36014 https://bugzilla.suse.com/1225593 SUSE Bug 1225593 In the Linux kernel, the following vulnerability has been resolved: nouveau/uvmm: fix addr/range calcs for remap operations dEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8 was causing a remap operation like the below. op_remap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a 0000000000000000 op_remap: next: op_remap: unmap: 0000003fffed0000 0000000000100000 0 op_map: map: 0000003ffffc0000 0000000000010000 000000005b1ba33c 00000000000e0000 This was resulting in an unmap operation from 0x3fffed0000+0xf0000, 0x100000 which was corrupting the pagetables and oopsing the kernel. Fixes the prev + unmap range calcs to use start/end and map back to addr/range. CVE-2024-36018 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36018.html CVE-2024-36018 https://bugzilla.suse.com/1225694 SUSE Bug 1225694 In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents. This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0. CVE-2024-36019 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36019.html CVE-2024-36019 https://bugzilla.suse.com/1225695 SUSE Bug 1225695 In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity. CVE-2024-36020 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36020.html CVE-2024-36020 https://bugzilla.suse.com/1225698 SUSE Bug 1225698 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during pf initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink reload during initialization may lead to kernel crash. This patch fixes this by taking devl_lock during initialization. CVE-2024-36021 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36021.html CVE-2024-36021 https://bugzilla.suse.com/1225699 SUSE Bug 1225699 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption. CVE-2024-36025 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36025.html CVE-2024-36025 https://bugzilla.suse.com/1225704 SUSE Bug 1225704 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 While doing multiple S4 stress tests, GC/RLC/PMFW get into an invalid state resulting into hard hangs. Adding a GFX reset as workaround just before sending the MP1_UNLOAD message avoids this failure. CVE-2024-36026 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36026.html CVE-2024-36026 https://bugzilla.suse.com/1225705 SUSE Bug 1225705 In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. CVE-2024-36029 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36029.html CVE-2024-36029 https://bugzilla.suse.com/1225708 SUSE Bug 1225708 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. CVE-2024-36032 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36032.html CVE-2024-36032 https://bugzilla.suse.com/1225720 SUSE Bug 1225720 In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 This change ensures the variable is available for subsequent operations that require it. [1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/ CVE-2024-36476 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36476.html CVE-2024-36476 https://bugzilla.suse.com/1235902 SUSE Bug 1235902 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. CVE-2024-36880 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36880.html CVE-2024-36880 https://bugzilla.suse.com/1225722 SUSE Bug 1225722 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-36885 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36885.html CVE-2024-36885 https://bugzilla.suse.com/1225728 SUSE Bug 1225728 In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end(). Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state. A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above. CVE-2024-36891 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36891.html CVE-2024-36891 https://bugzilla.suse.com/1225710 SUSE Bug 1225710 In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. CVE-2024-36893 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36893.html CVE-2024-36893 https://bugzilla.suse.com/1225748 SUSE Bug 1225748 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") CVE-2024-36894 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36894.html CVE-2024-36894 https://bugzilla.suse.com/1225749 SUSE Bug 1225749 https://bugzilla.suse.com/1226139 SUSE Bug 1226139 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper function __uvcg_iter_item_entries() to aid with parsing lists of items on configfs attributes stores. This function is a generalization of another very similar function, which used a stack-allocated temporary buffer of fixed size for each item in the list and used the sizeof() operator to check for potential buffer overruns. The new function was changed to allocate the now variably sized temp buffer on heap, but wasn't properly updated to also check for max buffer size using the computed size instead of sizeof() operator. As a result, the maximum item size was 7 (plus null terminator) on 64-bit platforms, and 3 on 32-bit ones. While 7 is accidentally just barely enough, 3 is definitely too small for some of UVC configfs attributes. For example, dwFrameInteval, specified in 100ns units, usually has 6-digit item values, e.g. 166666 for 60fps. CVE-2024-36895 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36895.html CVE-2024-36895 https://bugzilla.suse.com/1225750 SUSE Bug 1225750 In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in port.c:disable_store(): usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to is concurrently removed, but the function does not check for this possibility before dereferencing the returned value. It turns out that the first dereference is unnecessary, since hub->intfdev is the parent of the port device, so it can be changed easily. Adding a check for hub == NULL prevents further problems. The same bug exists in the disable_show() routine, and it can be fixed the same way. CVE-2024-36896 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36896.html CVE-2024-36896 https://bugzilla.suse.com/1225734 SUSE Bug 1225734 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3. CVE-2024-36897 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36897.html CVE-2024-36897 https://bugzilla.suse.com/1225735 SUSE Bug 1225735 In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to contain edge events is overlooked. This results in events being written to and read from an uninitialised kfifo. Read events are returned to userspace. Initialise the kfifo in the case where the software debounce is already active. CVE-2024-36898 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36898.html CVE-2024-36898 https://bugzilla.suse.com/1225736 SUSE Bug 1225736 In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stack-out-of-bounds in refresh_cpu_vm_stats.constprop.0+0xcc/0x2ec [ 33.454660] Write of size 164 at addr c1d03d30 by task swapper/0/0 [ 33.455515] [ 33.455767] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G O 6.1.25-mainline #1 [ 33.456880] Hardware name: Generic DT based system [ 33.457555] unwind_backtrace from show_stack+0x18/0x1c [ 33.458326] show_stack from dump_stack_lvl+0x40/0x4c [ 33.459072] dump_stack_lvl from print_report+0x158/0x4a4 [ 33.459863] print_report from kasan_report+0x9c/0x148 [ 33.460616] kasan_report from kasan_check_range+0x94/0x1a0 [ 33.461424] kasan_check_range from memset+0x20/0x3c [ 33.462157] memset from refresh_cpu_vm_stats.constprop.0+0xcc/0x2ec [ 33.463064] refresh_cpu_vm_stats.constprop.0 from tick_nohz_idle_stop_tick+0x180/0x53c [ 33.464181] tick_nohz_idle_stop_tick from do_idle+0x264/0x354 [ 33.465029] do_idle from cpu_startup_entry+0x20/0x24 [ 33.465769] cpu_startup_entry from rest_init+0xf0/0xf4 [ 33.466528] rest_init from arch_post_acpi_subsys_init+0x0/0x18 [ 33.467397] [ 33.467644] The buggy address belongs to stack of task swapper/0/0 [ 33.468493] and is located at offset 112 in frame: [ 33.469172] refresh_cpu_vm_stats.constprop.0+0x0/0x2ec [ 33.469917] [ 33.470165] This frame has 2 objects: [ 33.470696] [32, 76) 'global_zone_diff' [ 33.470729] [112, 276) 'global_node_diff' [ 33.471294] [ 33.472095] The buggy address belongs to the physical page: [ 33.472862] page:3cd72da8 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x41d03 [ 33.473944] flags: 0x1000(reserved|zone=0) [ 33.474565] raw: 00001000 ed741470 ed741470 00000000 00000000 00000000 ffffffff 00000001 [ 33.475656] raw: 00000000 [ 33.476050] page dumped because: kasan: bad access detected [ 33.476816] [ 33.477061] Memory state around the buggy address: [ 33.477732] c1d03c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.478630] c1d03c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 [ 33.479526] >c1d03d00: 00 04 f2 f2 f2 f2 00 00 00 00 00 00 f1 f1 f1 f1 [ 33.480415] ^ [ 33.481195] c1d03d80: 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3 f3 [ 33.482088] c1d03e00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.482978] ================================================================== We find the root cause of this OOB is that arm does not clear stale stack poison in the case of cpuidle. This patch refer to arch/arm64/kernel/sleep.S to resolve this issue. From cited commit [1] that explain the problem Functions which the compiler has instrumented for KASAN place poison on the stack shadow upon entry and remove this poison prior to returning. In the case of cpuidle, CPUs exit the kernel a number of levels deep in C code. Any instrumented functions on this critical path will leave portions of the stack shadow poisoned. If CPUs lose context and return to the kernel via a cold path, we restore a prior context saved in __cpu_suspend_enter are forgotten, and we never remove the poison they placed in the stack shadow area by functions calls between this and the actual exit of the kernel. Thus, (depending on stackframe layout) subsequent calls to instrumented functions may hit this stale poison, resulting in (spurious) KASAN splats to the console. To avoid this, clear any stale poison from the idle thread for a CPU prior to bringing a CPU online. From cited commit [2] Extend to check for CONFIG_KASAN_STACK [1] commit 0d97e6d8024c ("arm64: kasan: clear stale stack poison") [2] commit d56a9ef84bd0 ("kasan, arm64: unpoison stack only with CONFIG_KASAN_STACK") CVE-2024-36906 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36906.html CVE-2024-36906 https://bugzilla.suse.com/1225715 SUSE Bug 1225715 In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn() is run at that time: WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190 Call trace: iocg_pay_debt+0x14c/0x190 iocg_kick_waitq+0x438/0x4c0 iocg_waitq_timer_fn+0xd8/0x130 __run_hrtimer+0x144/0x45c __hrtimer_run_queues+0x16c/0x244 hrtimer_interrupt+0x2cc/0x7b0 The warn in this situation is meaningless. Since this iocg is being removed, the state of the 'active_list' is irrelevant, and 'waitq_timer' is canceled after removing 'active_list' in ioc_pd_free(), which ensures iocg is freed after iocg_waitq_timer_fn() returns. Therefore, add the check if iocg was already offlined to avoid warn when removing a blkcg or disk. CVE-2024-36908 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36908.html CVE-2024-36908 https://bugzilla.suse.com/1225743 SUSE Bug 1225743 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: guard against invalid STA ID on removal Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would result in out-of-bounds array accesses. This prevents issues should the driver get into a bad state during error handling. CVE-2024-36921 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36921.html CVE-2024-36921 https://bugzilla.suse.com/1225769 SUSE Bug 1225769 https://bugzilla.suse.com/1225850 SUSE Bug 1225850 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice, resulting in the WARN_ONCE() a little later. Fix that by reading txq->read_ptr under lock. CVE-2024-36922 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36922.html CVE-2024-36922 https://bugzilla.suse.com/1225805 SUSE Bug 1225805 In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi function pointer that is NULL. Example: --------------------------------------------------------------------------- [ 2057.572696] illegal operation: 0001 ilc:1 [#1] SMP [ 2057.572702] Modules linked in: af_iucv qeth_l3 zfcp scsi_transport_fc sunrpc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nf_tables_set nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink ghash_s390 prng xts aes_s390 des_s390 de s_generic sha3_512_s390 sha3_256_s390 sha512_s390 vfio_ccw vfio_mdev mdev vfio_iommu_type1 eadm_sch vfio ext4 mbcache jbd2 qeth_l2 bridge stp llc dasd_eckd_mod qeth dasd_mod qdio ccwgroup pkey zcrypt [ 2057.572739] CPU: 6 PID: 60182 Comm: stress_client Kdump: loaded Not tainted 4.18.0-541.el8.s390x #1 [ 2057.572742] Hardware name: IBM 3931 A01 704 (LPAR) [ 2057.572744] Krnl PSW : 0704f00180000000 0000000000000002 (0x2) [ 2057.572748] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3 [ 2057.572751] Krnl GPRS: 0000000000000004 0000000000000000 00000000a3b008d8 0000000000000000 [ 2057.572754] 00000000a3b008d8 cb923a29c779abc5 0000000000000000 00000000814cfd80 [ 2057.572756] 000000000000012c 0000000000000000 00000000a3b008d8 00000000a3b008d8 [ 2057.572758] 00000000bab6d500 00000000814cfd80 0000000091317e46 00000000814cfc68 [ 2057.572762] Krnl Code:#0000000000000000: 0000 illegal >0000000000000002: 0000 illegal 0000000000000004: 0000 illegal 0000000000000006: 0000 illegal 0000000000000008: 0000 illegal 000000000000000a: 0000 illegal 000000000000000c: 0000 illegal 000000000000000e: 0000 illegal [ 2057.572800] Call Trace: [ 2057.572801] ([<00000000ec639700>] 0xec639700) [ 2057.572803] [<00000000913183e2>] net_rx_action+0x2ba/0x398 [ 2057.572809] [<0000000091515f76>] __do_softirq+0x11e/0x3a0 [ 2057.572813] [<0000000090ce160c>] do_softirq_own_stack+0x3c/0x58 [ 2057.572817] ([<0000000090d2cbd6>] do_softirq.part.1+0x56/0x60) [ 2057.572822] [<0000000090d2cc60>] __local_bh_enable_ip+0x80/0x98 [ 2057.572825] [<0000000091314706>] __dev_queue_xmit+0x2be/0xd70 [ 2057.572827] [<000003ff803dd6d6>] afiucv_hs_send+0x24e/0x300 [af_iucv] [ 2057.572830] [<000003ff803dd88a>] iucv_send_ctrl+0x102/0x138 [af_iucv] [ 2057.572833] [<000003ff803de72a>] iucv_sock_connect+0x37a/0x468 [af_iucv] [ 2057.572835] [<00000000912e7e90>] __sys_connect+0xa0/0xd8 [ 2057.572839] [<00000000912e9580>] sys_socketcall+0x228/0x348 [ 2057.572841] [<0000000091514e1a>] system_call+0x2a6/0x2c8 [ 2057.572843] Last Breaking-Event-Address: [ 2057.572844] [<0000000091317e44>] __napi_poll+0x4c/0x1d8 [ 2057.572846] [ 2057.572847] Kernel panic - not syncing: Fatal exception in interrupt ------------------------------------------------------------------------------------------- Analysis: There is one napi structure per out_q: card->qdio.out_qs[i].napi The napi.poll functions are set during qeth_open(). Since commit 1cfef80d4c2b ("s390/qeth: Don't call dev_close/dev_open (DOWN/UP)") qeth_set_offline()/qeth_set_online() no longer call dev_close()/ dev_open(). So if qeth_free_qdio_queues() cleared card->qdio.out_qs[i].napi.poll while the network interface was UP and the card was offline, they are not set again. Reproduction: chzdev -e $devno layer2=0 ip link set dev $network_interface up echo 0 > /sys/bus/ccw ---truncated--- CVE-2024-36928 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36928.html CVE-2024-36928 https://bugzilla.suse.com/1225775 SUSE Bug 1225775 In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a null pointer dereference when the callback is invoked from spi_finalize_current_message(). With function inlining disabled, the call stack might look like this: _raw_spin_lock_irqsave from complete_with_flags+0x18/0x58 complete_with_flags from spi_complete+0x8/0xc spi_complete from spi_finalize_current_message+0xec/0x184 spi_finalize_current_message from spi_transfer_one_message+0x2a8/0x474 spi_transfer_one_message from __spi_pump_transfer_message+0x104/0x230 __spi_pump_transfer_message from __spi_transfer_message_noqueue+0x30/0xc4 __spi_transfer_message_noqueue from __spi_sync+0x204/0x248 __spi_sync from spi_sync+0x24/0x3c spi_sync from mcp251xfd_regmap_crc_read+0x124/0x28c [mcp251xfd] mcp251xfd_regmap_crc_read [mcp251xfd] from _regmap_raw_read+0xf8/0x154 _regmap_raw_read from _regmap_bus_read+0x44/0x70 _regmap_bus_read from _regmap_read+0x60/0xd8 _regmap_read from regmap_read+0x3c/0x5c regmap_read from mcp251xfd_alloc_can_err_skb+0x1c/0x54 [mcp251xfd] mcp251xfd_alloc_can_err_skb [mcp251xfd] from mcp251xfd_irq+0x194/0xe70 [mcp251xfd] mcp251xfd_irq [mcp251xfd] from irq_thread_fn+0x1c/0x78 irq_thread_fn from irq_thread+0x118/0x1f4 irq_thread from kthread+0xd8/0xf4 kthread from ret_from_fork+0x14/0x28 Fix this by also setting message->complete to NULL when the transfer is complete. CVE-2024-36930 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36930.html CVE-2024-36930 https://bugzilla.suse.com/1225830 SUSE Bug 1225830 In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead. CVE-2024-36931 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36931.html CVE-2024-36931 https://bugzilla.suse.com/1225747 SUSE Bug 1225747 In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well. CVE-2024-36940 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36940.html CVE-2024-36940 https://bugzilla.suse.com/1225840 SUSE Bug 1225840 https://bugzilla.suse.com/1225841 SUSE Bug 1225841 In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here. CVE-2024-36941 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36941.html CVE-2024-36941 https://bugzilla.suse.com/1225835 SUSE Bug 1225835 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-36942 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36942.html CVE-2024-36942 https://bugzilla.suse.com/1225843 SUSE Bug 1225843 In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got out was: [ 93.607888] Testing event system initcall: OK [ 93.667730] Running tests on all trace events: [ 93.669757] Testing all events: OK [ 95.631064] ------------[ cut here ]------------ Timed out after 60 seconds" and further debugging points to a possible circular locking dependency between the console_owner locking and the worker pool locking. Reverting the commit allows Steve's VM to boot to completion again. [ This may obviously result in the "[TTM] Buffer eviction failed" messages again, which was the reason for that original revert. But at this point this seems preferable to a non-booting system... ] CVE-2024-36944 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36944.html CVE-2024-36944 https://bugzilla.suse.com/1225847 SUSE Bug 1225847 In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes time to finish. other device will start reset and recover without waiting. if the process has not been evicted before doing recover, it will be restored, then caused page fault. CVE-2024-36949 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36949.html CVE-2024-36949 https://bugzilla.suse.com/1225894 SUSE Bug 1225894 In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008 in a007bb857e0b26f5d8b73c2ff90782d9c0972620: If OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we will unmask bus reset interrupts so we can log them. irq_handler logs the bus reset interrupt. However, we can't clear the bus reset event flag in irq_handler, because we won't service the event until later. irq_handler exits with the event flag still set. If the corresponding interrupt is still unmasked, the first bus reset will usually freeze the system due to irq_handler being called again each time it exits. This freeze can be reproduced by loading firewire_ohci with "modprobe firewire_ohci debug=-1" (to enable all debugging output). Apparently there are also some cases where bus_reset_work will get called soon enough to clear the event, and operation will continue normally. This freeze was first reported a few months after a007bb85 was committed, but until now it was never fixed. The debug level could safely be set to -1 through sysfs after the module was loaded, but this would be ineffectual in logging bus reset interrupts since they were only unmasked during initialization. irq_handler will now leave the event flag set but mask bus reset interrupts, so irq_handler won't be called again and there will be no freeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will unmask the interrupt after servicing the event, so future interrupts will be caught as desired. As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be enabled through sysfs in addition to during initial module loading. However, when enabled through sysfs, logging of bus reset interrupts will be effective only starting with the second bus reset, after bus_reset_work has executed. CVE-2024-36950 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36950.html CVE-2024-36950 https://bugzilla.suse.com/1225895 SUSE Bug 1225895 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api to guard exception code type checking as well. CVE-2024-36951 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36951.html CVE-2024-36951 https://bugzilla.suse.com/1225896 SUSE Bug 1225896 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() The documentation for device_get_named_child_node() mentions this important point: " The caller is responsible for calling fwnode_handle_put() on the returned fwnode pointer. " Add fwnode_handle_put() to avoid a leaked reference. CVE-2024-36955 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36955.html CVE-2024-36955 https://bugzilla.suse.com/1225810 SUSE Bug 1225810 In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly. CVE-2024-36959 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-36959.html CVE-2024-36959 https://bugzilla.suse.com/1225839 SUSE Bug 1225839 In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the asynchronous thread will panic when executing the completion notification because the main thread completion object has been released. BUG: unable to handle page fault for address: fffffffffffffff8 PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:complete_all+0x3e/0xa0 [...] Call Trace: <TASK> ? __die_body+0x68/0xb0 ? page_fault_oops+0x379/0x3e0 ? exc_page_fault+0x69/0xa0 ? asm_exc_page_fault+0x22/0x30 ? complete_all+0x3e/0xa0 fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)] ? __pfx_autoremove_wake_function+0x10/0x10 kthread+0xd8/0x110 ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)] ? __pfx_kthread+0x10/0x10 ret_from_fork+0x38/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> [...] CR2: fffffffffffffff8 ---[ end trace 0000000000000000 ]--- Use the reference counter to ensure safe release as Sergey suggests: https://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/ CVE-2024-39282 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-39282.html CVE-2024-39282 https://bugzilla.suse.com/1235903 SUSE Bug 1235903 In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy() to insert the completed symbol into the command buffer. Unfortunately it passes the size of the source buffer rather than the destination to strncpy() with predictably horrible results. Most obviously if the command buffer is already full but cp, the cursor position, is in the middle of the buffer, then we will write past the end of the supplied buffer. Fix this by replacing the dubious strncpy() calls with memmove()/memcpy() calls plus explicit boundary checks to make sure we have enough space before we start moving characters around. CVE-2024-39480 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-39480.html CVE-2024-39480 https://bugzilla.suse.com/1227445 SUSE Bug 1227445 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validate callback in nft_lookup, so there appears no reason to iterate the maps again. nf_tables_check_loops() and all its helper functions can be removed. This improves ruleset load time significantly, from 23s down to 12s. This also fixes a crash bug. Old loop detection code can result in unbounded recursion: BUG: TASK stack guard page was hit at .... Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN CPU: 4 PID: 1539 Comm: nft Not tainted 6.10.0-rc5+ #1 [..] with a suitable ruleset during validation of register stores. I can't see any actual reason to attempt to check for this from nft_validate_register_store(), at this point the transaction is still in progress, so we don't have a full picture of the rule graph. For nf-next it might make sense to either remove it or make this depend on table->validate_state in case we could catch an error earlier (for improved error reporting to userspace). CVE-2024-41042 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-41042.html CVE-2024-41042 https://bugzilla.suse.com/1228526 SUSE Bug 1228526 In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Split the allocation side out to make the error handling boundary easier to navigate. The apple driver had been doing this wrong, leaking the controller device memory on a tagset failure. CVE-2024-43913 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-43913.html CVE-2024-43913 https://bugzilla.suse.com/1229833 SUSE Bug 1229833 In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: wait for previous gc cycles when removing port syzbot hit a use-after-free[1] which is caused because the bridge doesn't make sure that all previous garbage has been collected when removing a port. What happens is: CPU 1 CPU 2 start gc cycle remove port acquire gc lock first wait for lock call br_multicasg_gc() directly acquire lock now but free port the port can be freed while grp timers still running Make sure all previous gc cycles have finished by using flush_work before freeing the port. [1] BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861 Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699 CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861 call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1843 [inline] __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417 __run_timer_base kernel/time/timer.c:2428 [inline] __run_timer_base kernel/time/timer.c:2421 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2437 CVE-2024-44934 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-44934.html CVE-2024-44934 https://bugzilla.suse.com/1229809 SUSE Bug 1229809 In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursiion could happen: vsock_bpf_recvmsg() -> __vsock_recvmsg() -> vsock_connectible_recvmsg() -> prot->recvmsg() -> vsock_bpf_recvmsg() again We need to fix it by calling the original ->recvmsg() without any BPF sockmap logic in __vsock_recvmsg(). CVE-2024-44996 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-44996.html CVE-2024-44996 https://bugzilla.suse.com/1230205 SUSE Bug 1230205 In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Bus cleanup path in DMA mode may trigger a RING_OP_STAT interrupt when the ring is being stopped. Depending on timing between ring stop request completion, interrupt handler removal and code execution this may lead to a NULL pointer dereference in hci_dma_irq_handler() if it gets to run after the io_data pointer is set to NULL in hci_dma_cleanup(). Prevent this my masking the ring interrupts before ring stop request. CVE-2024-45828 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-45828.html CVE-2024-45828 https://bugzilla.suse.com/1235705 SUSE Bug 1235705 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset. This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case, amdgpu_ib_free(ring->adev, ...) will be called, which would crash the machine because the ring value is bogus. To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this because the device is actually not used in this function. The next commit will remove the ring argument completely. (cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7) CVE-2024-46896 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-46896.html CVE-2024-46896 https://bugzilla.suse.com/1235707 SUSE Bug 1235707 In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data When two client of the same gpio call pinctrl_select_state() for the same functionality, we are seeing NULL pointer issue while accessing desc->mux_owner. Let's say two processes A, B executing in pin_request() for the same pin and process A updates the desc->mux_usecount but not yet updated the desc->mux_owner while process B see the desc->mux_usecount which got updated by A path and further executes strcmp and while accessing desc->mux_owner it crashes with NULL pointer. Serialize the access to mux related setting with a mutex lock. cpu0 (process A) cpu1(process B) pinctrl_select_state() { pinctrl_select_state() { pin_request() { pin_request() { ... .... } else { desc->mux_usecount++; desc->mux_usecount && strcmp(desc->mux_owner, owner)) { if (desc->mux_usecount > 1) return 0; desc->mux_owner = owner; } } CVE-2024-47141 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-47141.html CVE-2024-47141 https://bugzilla.suse.com/1235708 SUSE Bug 1235708 In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A) rq_lock() get_hash_bucket() (A) dma_entry_hash check_sync() (A) radix_lock() (W) dma_entry_hash dma_entry_free() (W) radix_lock() // CPU2's one (W) rq_lock() CPU1 situation can happen when it extending radix tree and it tries to wake up kswapd via wake_all_kswapd(). CPU2 situation can happen while perf_event_task_sched_out() (i.e. dma sync operation is called while deleting perf_event using etm and etr tmc which are Arm Coresight hwtracing driver backends). To remove this possible situation, call dma_entry_free() after put_hash_bucket() in check_unmap(). CVE-2024-47143 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-47143.html CVE-2024-47143 https://bugzilla.suse.com/1235710 SUSE Bug 1235710 In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits are not yet consumed. This is deferred to 3) 2) The per destination limit is checked/updated. This might add a new node in inetpeer tree. 3) icmp_global_consume() consumes tokens if prior operations succeeded. This means that host wide ratelimit is still effective in keeping inetpeer tree small even under DDOS. As a bonus, I removed icmp_global.lock as the fast path can use a lock-free operation. CVE-2024-47678 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-47678.html CVE-2024-47678 https://bugzilla.suse.com/1231854 SUSE Bug 1231854 In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference. In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists. CVE-2024-47809 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-47809.html CVE-2024-47809 https://bugzilla.suse.com/1235714 SUSE Bug 1235714 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR The return value of ieee80211_probereq_get() might be NULL, so check it before using to avoid NULL pointer access. Addresses-Coverity-ID: 1529805 ("Dereference null return value") CVE-2024-48873 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-48873.html CVE-2024-48873 https://bugzilla.suse.com/1235716 SUSE Bug 1235716 In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this. CVE-2024-48881 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-48881.html CVE-2024-48881 https://bugzilla.suse.com/1235727 SUSE Bug 1235727 In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce admin_q before destroy it Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15 #1 [ff61d23de260fc08] schedule at ffffffff8323c014 #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1 #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a #4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006 #5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce #6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced #7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b #8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362 #9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25 RIP: 00007fda7891d574 RSP: 00007ffe2ef06958 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 000055e8122a4d90 RCX: 00007fda7891d574 RDX: 000000000000012b RSI: 000055e8122a4d90 RDI: 0000000000000004 RBP: 00007ffe2ef079c0 R8: 000000000000012b R9: 000055e8122a4d90 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004 R13: 000055e8122923c0 R14: 000000000000012b R15: 00007fda78a54500 ORIG_RAX: 0000000000000001 CS: 0033 SS: 002b This due to we have quiesced admi_q before cancel requests, but forgot to unquiesce before destroy it, as a result we fail to drain the pending requests, and hang on blk_mq_freeze_queue_wait() forever. Here try to reuse nvme_rdma_teardown_admin_queue() to fix this issue and simplify the code. CVE-2024-49569 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-49569.html CVE-2024-49569 https://bugzilla.suse.com/1235730 SUSE Bug 1235730 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-49854 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-49854.html CVE-2024-49854 https://bugzilla.suse.com/1232193 SUSE Bug 1232193 https://bugzilla.suse.com/1236571 SUSE Bug 1236571 In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0 Read of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40 CPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724 Call Trace: <TASK> kasan_report+0x93/0xc0 ext4_split_extent_at+0xba8/0xcc0 ext4_split_extent.isra.0+0x18f/0x500 ext4_split_convert_extents+0x275/0x750 ext4_ext_handle_unwritten_extents+0x73e/0x1580 ext4_ext_map_blocks+0xe20/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] Allocated by task 40: __kmalloc_noprof+0x1ac/0x480 ext4_find_extent+0xf3b/0x1e70 ext4_ext_map_blocks+0x188/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] Freed by task 40: kfree+0xf1/0x2b0 ext4_find_extent+0xa71/0x1e70 ext4_ext_insert_extent+0xa22/0x3260 ext4_split_extent_at+0x3ef/0xcc0 ext4_split_extent.isra.0+0x18f/0x500 ext4_split_convert_extents+0x275/0x750 ext4_ext_handle_unwritten_extents+0x73e/0x1580 ext4_ext_map_blocks+0xe20/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] ================================================================== The flow of issue triggering is as follows: ext4_split_extent_at path = *ppath ext4_ext_insert_extent(ppath) ext4_ext_create_new_leaf(ppath) ext4_find_extent(orig_path) path = *orig_path read_extent_tree_block // return -ENOMEM or -EIO ext4_free_ext_path(path) kfree(path) *orig_path = NULL a. If err is -ENOMEM: ext4_ext_dirty(path + path->p_depth) // path use-after-free !!! b. If err is -EIO and we have EXT_DEBUG defined: ext4_ext_show_leaf(path) eh = path[depth].p_hdr // path also use-after-free !!! So when trying to zeroout or fix the extent length, call ext4_find_extent() to update the path. In addition we use *ppath directly as an ext4_ext_show_leaf() input to avoid possible use-after-free when EXT_DEBUG is defined, and to avoid unnecessary path updates. CVE-2024-49884 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-49884.html CVE-2024-49884 https://bugzilla.suse.com/1225742 SUSE Bug 1225742 https://bugzilla.suse.com/1232198 SUSE Bug 1232198 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw This commit addresses a potential null pointer dereference issue in the `dcn32_init_hw` function. The issue could occur when `dc->clk_mgr` is null. The fix adds a check to ensure `dc->clk_mgr` is not null before accessing its functions. This prevents a potential null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn32/dcn32_hwseq.c:961 dcn32_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 782) CVE-2024-49915 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-49915.html CVE-2024-49915 https://bugzilla.suse.com/1231963 SUSE Bug 1231963 In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure it is at least 20 bytes. It is possible for an user to provide a malicious 'GSO' packet, total length of 80 bytes. - 20 bytes of IPv4 header - 60 bytes TCP header - a small gso_size like 8 virtio_net_hdr_to_skb() would declare this packet as a normal GSO packet, because it would see 40 bytes of payload, bigger than gso_size. We need to make detect this case to not underflow qdisc_skb_cb(skb)->pkt_len. CVE-2024-49948 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-49948.html CVE-2024-49948 https://bugzilla.suse.com/1232161 SUSE Bug 1232161 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If mgmt_index_removed is called while there are commands queued on cmd_sync it could lead to crashes like the bellow trace: 0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc 0x0000053D: mgmt_pending_remove+0x18/0x58 [bluetooth] 0x0000053E: mgmt_remove_adv_monitor_complete+0x80/0x108 [bluetooth] 0x0000053E: hci_cmd_sync_work+0xbc/0x164 [bluetooth] So while handling mgmt_index_removed this attempts to dequeue commands passed as user_data to cmd_sync. CVE-2024-49951 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-49951.html CVE-2024-49951 https://bugzilla.suse.com/1232158 SUSE Bug 1232158 In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. CVE-2024-49978 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-49978.html CVE-2024-49978 https://bugzilla.suse.com/1232101 SUSE Bug 1232101 In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown sequence Alexander Sverdlin presents 2 problems during shutdown with the lan9303 driver. One is specific to lan9303 and the other just happens to reproduce there. The first problem is that lan9303 is unique among DSA drivers in that it calls dev_get_drvdata() at "arbitrary runtime" (not probe, not shutdown, not remove): phy_state_machine() -> ... -> dsa_user_phy_read() -> ds->ops->phy_read() -> lan9303_phy_read() -> chip->ops->phy_read() -> lan9303_mdio_phy_read() -> dev_get_drvdata() But we never stop the phy_state_machine(), so it may continue to run after dsa_switch_shutdown(). Our common pattern in all DSA drivers is to set drvdata to NULL to suppress the remove() method that may come afterwards. But in this case it will result in an NPD. The second problem is that the way in which we set dp->conduit->dsa_ptr = NULL; is concurrent with receive packet processing. dsa_switch_rcv() checks once whether dev->dsa_ptr is NULL, but afterwards, rather than continuing to use that non-NULL value, dev->dsa_ptr is dereferenced again and again without NULL checks: dsa_conduit_find_user() and many other places. In between dereferences, there is no locking to ensure that what was valid once continues to be valid. Both problems have the common aspect that closing the conduit interface solves them. In the first case, dev_close(conduit) triggers the NETDEV_GOING_DOWN event in dsa_user_netdevice_event() which closes user ports as well. dsa_port_disable_rt() calls phylink_stop(), which synchronously stops the phylink state machine, and ds->ops->phy_read() will thus no longer call into the driver after this point. In the second case, dev_close(conduit) should do this, as per Documentation/networking/driver.rst: | Quiescence | ---------- | | After the ndo_stop routine has been called, the hardware must | not receive or transmit any data. All in flight packets must | be aborted. If necessary, poll or wait for completion of | any reset commands. So it should be sufficient to ensure that later, when we zeroize conduit->dsa_ptr, there will be no concurrent dsa_switch_rcv() call on this conduit. The addition of the netif_device_detach() function is to ensure that ioctls, rtnetlinks and ethtool requests on the user ports no longer propagate down to the driver - we're no longer prepared to handle them. The race condition actually did not exist when commit 0650bf52b31f ("net: dsa: be compatible with masters which unregister on shutdown") first introduced dsa_switch_shutdown(). It was created later, when we stopped unregistering the user interfaces from a bad spot, and we just replaced that sequence with a racy zeroization of conduit->dsa_ptr (one which doesn't ensure that the interfaces aren't up). CVE-2024-49998 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-49998.html CVE-2024-49998 https://bugzilla.suse.com/1232087 SUSE Bug 1232087 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-50016 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50016.html CVE-2024-50016 https://bugzilla.suse.com/1232420 SUSE Bug 1232420 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-50018 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50018.html CVE-2024-50018 https://bugzilla.suse.com/1232419 SUSE Bug 1232419 In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc Most qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers. Unfortunately syzbot can crash a host rather easily using a TBF + SFQ combination, with an STAB on SFQ [1] We can't support TCA_STAB on arbitrary level, this would require to maintain per-qdisc storage. [1] [ 88.796496] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 88.798611] #PF: supervisor read access in kernel mode [ 88.799014] #PF: error_code(0x0000) - not-present page [ 88.799506] PGD 0 P4D 0 [ 88.799829] Oops: Oops: 0000 [#1] SMP NOPTI [ 88.800569] CPU: 14 UID: 0 PID: 2053 Comm: b371744477 Not tainted 6.12.0-rc1-virtme #1117 [ 88.801107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 88.801779] RIP: 0010:sfq_dequeue (net/sched/sch_sfq.c:272 net/sched/sch_sfq.c:499) sch_sfq [ 88.802544] Code: 0f b7 50 12 48 8d 04 d5 00 00 00 00 48 89 d6 48 29 d0 48 8b 91 c0 01 00 00 48 c1 e0 03 48 01 c2 66 83 7a 1a 00 7e c0 48 8b 3a <4c> 8b 07 4c 89 02 49 89 50 08 48 c7 47 08 00 00 00 00 48 c7 07 00 All code ======== 0: 0f b7 50 12 movzwl 0x12(%rax),%edx 4: 48 8d 04 d5 00 00 00 lea 0x0(,%rdx,8),%rax b: 00 c: 48 89 d6 mov %rdx,%rsi f: 48 29 d0 sub %rdx,%rax 12: 48 8b 91 c0 01 00 00 mov 0x1c0(%rcx),%rdx 19: 48 c1 e0 03 shl $0x3,%rax 1d: 48 01 c2 add %rax,%rdx 20: 66 83 7a 1a 00 cmpw $0x0,0x1a(%rdx) 25: 7e c0 jle 0xffffffffffffffe7 27: 48 8b 3a mov (%rdx),%rdi 2a:* 4c 8b 07 mov (%rdi),%r8 <-- trapping instruction 2d: 4c 89 02 mov %r8,(%rdx) 30: 49 89 50 08 mov %rdx,0x8(%r8) 34: 48 c7 47 08 00 00 00 movq $0x0,0x8(%rdi) 3b: 00 3c: 48 rex.W 3d: c7 .byte 0xc7 3e: 07 (bad) ... Code starting with the faulting instruction =========================================== 0: 4c 8b 07 mov (%rdi),%r8 3: 4c 89 02 mov %r8,(%rdx) 6: 49 89 50 08 mov %rdx,0x8(%r8) a: 48 c7 47 08 00 00 00 movq $0x0,0x8(%rdi) 11: 00 12: 48 rex.W 13: c7 .byte 0xc7 14: 07 (bad) ... [ 88.803721] RSP: 0018:ffff9a1f892b7d58 EFLAGS: 00000206 [ 88.804032] RAX: 0000000000000000 RBX: ffff9a1f8420c800 RCX: ffff9a1f8420c800 [ 88.804560] RDX: ffff9a1f81bc1440 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.805056] RBP: ffffffffc04bb0e0 R08: 0000000000000001 R09: 00000000ff7f9a1f [ 88.805473] R10: 000000000001001b R11: 0000000000009a1f R12: 0000000000000140 [ 88.806194] R13: 0000000000000001 R14: ffff9a1f886df400 R15: ffff9a1f886df4ac [ 88.806734] FS: 00007f445601a740(0000) GS:ffff9a2e7fd80000(0000) knlGS:0000000000000000 [ 88.807225] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.807672] CR2: 0000000000000000 CR3: 000000050cc46000 CR4: 00000000000006f0 [ 88.808165] Call Trace: [ 88.808459] <TASK> [ 88.808710] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) [ 88.809261] ? page_fault_oops (arch/x86/mm/fault.c:715) [ 88.809561] ? exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539) [ 88.809806] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) [ 88.810074] ? sfq_dequeue (net/sched/sch_sfq.c:272 net/sched/sch_sfq.c:499) sch_sfq [ 88.810411] sfq_reset (net/sched/sch_sfq.c:525) sch_sfq [ 88.810671] qdisc_reset (./include/linux/skbuff.h:2135 ./include/linux/skbuff.h:2441 ./include/linux/skbuff.h:3304 ./include/linux/skbuff.h:3310 net/sched/sch_g ---truncated--- CVE-2024-50039 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50039.html CVE-2024-50039 https://bugzilla.suse.com/1231909 SUSE Bug 1231909 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null ... [ 194.196391] ================================================================== [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110 [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899 [ 194.197707] [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43 [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs] [ 194.200032] Call Trace: [ 194.200191] <TASK> [ 194.200327] dump_stack_lvl+0x4e/0x70 [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110 [ 194.200809] print_report+0x174/0x505 [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 194.201352] ? srso_return_thunk+0x5/0x5f [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0 [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202128] kasan_report+0xc8/0x150 [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202616] gf128mul_4k_lle+0xc1/0x110 [ 194.202863] ghash_update+0x184/0x210 [ 194.203103] shash_ahash_update+0x184/0x2a0 [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10 [ 194.203651] ? srso_return_thunk+0x5/0x5f [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340 [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140 [ 194.204434] crypt_message+0xec1/0x10a0 [cifs] [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs] [ 194.208507] ? srso_return_thunk+0x5/0x5f [ 194.209205] ? srso_return_thunk+0x5/0x5f [ 194.209925] ? srso_return_thunk+0x5/0x5f [ 194.210443] ? srso_return_thunk+0x5/0x5f [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs] [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs] [ 194.214670] ? srso_return_thunk+0x5/0x5f [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs] This is because TFM is being used in parallel. Fix this by allocating a new AEAD TFM for async decryption, but keep the existing one for synchronous READ cases (similar to what is done in smb3_calc_signature()). Also remove the calls to aead_request_set_callback() and crypto_wait_req() since it's always going to be a synchronous operation. CVE-2024-50047 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50047.html CVE-2024-50047 https://bugzilla.suse.com/1232418 SUSE Bug 1232418 https://bugzilla.suse.com/1232576 SUSE Bug 1232576 https://bugzilla.suse.com/1232638 SUSE Bug 1232638 In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove. CVE-2024-50051 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50051.html CVE-2024-50051 https://bugzilla.suse.com/1235739 SUSE Bug 1235739 https://bugzilla.suse.com/1239156 SUSE Bug 1239156 In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has expired and needs to be revoked so it marks the delegation stid revoked and it puts it on a reaper list but then it unlock the state lock and the actual delegation revocation happens without the lock. Once the stid is marked revoked a racing free_stateid processing thread does the following (1) it calls list_del_init() which removes it from the reaper list and (2) frees the delegation stid structure. The laundromat thread ends up not calling the revoke_delegation() function for this particular delegation but that means it will no release the lock lease that exists on the file. Now, a new open for this file comes in and ends up finding that lease list isn't empty and calls nfsd_breaker_owns_lease() which ends up trying to derefence a freed delegation stateid. Leading to the followint use-after-free KASAN warning: kernel: ================================================================== kernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd] kernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205 kernel: kernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9 kernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024 kernel: Call trace: kernel: dump_backtrace+0x98/0x120 kernel: show_stack+0x1c/0x30 kernel: dump_stack_lvl+0x80/0xe8 kernel: print_address_description.constprop.0+0x84/0x390 kernel: print_report+0xa4/0x268 kernel: kasan_report+0xb4/0xf8 kernel: __asan_report_load8_noabort+0x1c/0x28 kernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd] kernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd] kernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd] kernel: nfs4_get_vfs_file+0x634/0x958 [nfsd] kernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd] kernel: nfsd4_open+0xa08/0xe80 [nfsd] kernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd] kernel: nfsd_dispatch+0x22c/0x718 [nfsd] kernel: svc_process_common+0x8e8/0x1960 [sunrpc] kernel: svc_process+0x3d4/0x7e0 [sunrpc] kernel: svc_handle_xprt+0x828/0xe10 [sunrpc] kernel: svc_recv+0x2cc/0x6a8 [sunrpc] kernel: nfsd+0x270/0x400 [nfsd] kernel: kthread+0x288/0x310 kernel: ret_from_fork+0x10/0x20 This patch proposes a fixed that's based on adding 2 new additional stid's sc_status values that help coordinate between the laundromat and other operations (nfsd4_free_stateid() and nfsd4_delegreturn()). First to make sure, that once the stid is marked revoked, it is not removed by the nfsd4_free_stateid(), the laundromat take a reference on the stateid. Then, coordinating whether the stid has been put on the cl_revoked list or we are processing FREE_STATEID and need to make sure to remove it from the list, each check that state and act accordingly. If laundromat has added to the cl_revoke list before the arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove it from the list. If nfsd4_free_stateid() finds that operations arrived before laundromat has placed it on cl_revoke list, it marks the state freed and then laundromat will no longer add it to the list. Also, for nfsd4_delegreturn() when looking for the specified stid, we need to access stid that are marked removed or freeable, it means the laundromat has started processing it but hasn't finished and this delegreturn needs to return nfserr_deleg_revoked and not nfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the lack of it will leave this stid on the cl_revoked list indefinitely. CVE-2024-50106 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50106.html CVE-2024-50106 https://bugzilla.suse.com/1232882 SUSE Bug 1232882 In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000 CVE-2024-50143 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50143.html CVE-2024-50143 https://bugzilla.suse.com/1233038 SUSE Bug 1233038 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single iov in smb2_set_next_command(). SMB2_ioctl_init() allocates a small buffer (448 bytes) to hold the SMB2_IOCTL request in the first iov, and if the user passes an input buffer that is greater than 328 bytes, smb2_set_next_command() will end up writing off the end of @rqst->iov[0].iov_base as shown below: mount.cifs //srv/share /mnt -o ...,seal ln -s $(perl -e "print('a')for 1..1024") /mnt/link BUG: KASAN: slab-out-of-bounds in smb2_set_next_command.cold+0x1d6/0x24c [cifs] Write of size 4116 at addr ffff8881148fcab8 by task ln/859 CPU: 1 UID: 0 PID: 859 Comm: ln Not tainted 6.12.0-rc3 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 ? smb2_set_next_command.cold+0x1d6/0x24c [cifs] print_report+0x156/0x4d9 ? smb2_set_next_command.cold+0x1d6/0x24c [cifs] ? __virt_addr_valid+0x145/0x310 ? __phys_addr+0x46/0x90 ? smb2_set_next_command.cold+0x1d6/0x24c [cifs] kasan_report+0xda/0x110 ? smb2_set_next_command.cold+0x1d6/0x24c [cifs] kasan_check_range+0x10f/0x1f0 __asan_memcpy+0x3c/0x60 smb2_set_next_command.cold+0x1d6/0x24c [cifs] smb2_compound_op+0x238c/0x3840 [cifs] ? kasan_save_track+0x14/0x30 ? kasan_save_free_info+0x3b/0x70 ? vfs_symlink+0x1a1/0x2c0 ? do_symlinkat+0x108/0x1c0 ? __pfx_smb2_compound_op+0x10/0x10 [cifs] ? kmem_cache_free+0x118/0x3e0 ? cifs_get_writable_path+0xeb/0x1a0 [cifs] smb2_get_reparse_inode+0x423/0x540 [cifs] ? __pfx_smb2_get_reparse_inode+0x10/0x10 [cifs] ? rcu_is_watching+0x20/0x50 ? __kmalloc_noprof+0x37c/0x480 ? smb2_create_reparse_symlink+0x257/0x490 [cifs] ? smb2_create_reparse_symlink+0x38f/0x490 [cifs] smb2_create_reparse_symlink+0x38f/0x490 [cifs] ? __pfx_smb2_create_reparse_symlink+0x10/0x10 [cifs] ? find_held_lock+0x8a/0xa0 ? hlock_class+0x32/0xb0 ? __build_path_from_dentry_optional_prefix+0x19d/0x2e0 [cifs] cifs_symlink+0x24f/0x960 [cifs] ? __pfx_make_vfsuid+0x10/0x10 ? __pfx_cifs_symlink+0x10/0x10 [cifs] ? make_vfsgid+0x6b/0xc0 ? generic_permission+0x96/0x2d0 vfs_symlink+0x1a1/0x2c0 do_symlinkat+0x108/0x1c0 ? __pfx_do_symlinkat+0x10/0x10 ? strncpy_from_user+0xaa/0x160 __x64_sys_symlinkat+0xb9/0xf0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f08d75c13bb CVE-2024-50151 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50151.html CVE-2024-50151 https://bugzilla.suse.com/1233055 SUSE Bug 1233055 In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tcp_retransmit_synack. The program passes the req->sk to the bpf_sk_storage_get_tracing kernel helper which does check for null before using it. """ The commit 83fccfc3940c ("inet: fix potential deadlock in reqsk_queue_unlink()") added timer_pending() in reqsk_queue_unlink() not to call del_timer_sync() from reqsk_timer_handler(), but it introduced a small race window. Before the timer is called, expire_timers() calls detach_timer(timer, true) to clear timer->entry.pprev and marks it as not pending. If reqsk_queue_unlink() checks timer_pending() just after expire_timers() calls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will continue running and send multiple SYN+ACKs until it expires. The reported UAF could happen if req->sk is close()d earlier than the timer expiration, which is 63s by default. The scenario would be 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(), but del_timer_sync() is missed 2. reqsk timer is executed and scheduled again 3. req->sk is accept()ed and reqsk_put() decrements rsk_refcnt, but reqsk timer still has another one, and inet_csk_accept() does not clear req->sk for non-TFO sockets 4. sk is close()d 5. reqsk timer is executed again, and BPF touches req->sk Let's not use timer_pending() by passing the caller context to __inet_csk_reqsk_queue_drop(). Note that reqsk timer is pinned, so the issue does not happen in most use cases. [1] [0] BUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0 Use-after-free read at 0x00000000a891fb3a (in kfence-#1): bpf_sk_storage_get_tracing+0x2e/0x1b0 bpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda bpf_trace_run2+0x4c/0xc0 tcp_rtx_synack+0xf9/0x100 reqsk_timer_handler+0xda/0x3d0 run_timer_softirq+0x292/0x8a0 irq_exit_rcu+0xf5/0x320 sysvec_apic_timer_interrupt+0x6d/0x80 asm_sysvec_apic_timer_interrupt+0x16/0x20 intel_idle_irq+0x5a/0xa0 cpuidle_enter_state+0x94/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb kfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6 allocated by task 0 on cpu 9 at 260507.901592s: sk_prot_alloc+0x35/0x140 sk_clone_lock+0x1f/0x3f0 inet_csk_clone_lock+0x15/0x160 tcp_create_openreq_child+0x1f/0x410 tcp_v6_syn_recv_sock+0x1da/0x700 tcp_check_req+0x1fb/0x510 tcp_v6_rcv+0x98b/0x1420 ipv6_list_rcv+0x2258/0x26e0 napi_complete_done+0x5b1/0x2990 mlx5e_napi_poll+0x2ae/0x8d0 net_rx_action+0x13e/0x590 irq_exit_rcu+0xf5/0x320 common_interrupt+0x80/0x90 asm_common_interrupt+0x22/0x40 cpuidle_enter_state+0xfb/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb freed by task 0 on cpu 9 at 260507.927527s: rcu_core_si+0x4ff/0xf10 irq_exit_rcu+0xf5/0x320 sysvec_apic_timer_interrupt+0x6d/0x80 asm_sysvec_apic_timer_interrupt+0x16/0x20 cpuidle_enter_state+0xfb/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb CVE-2024-50154 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50154.html CVE-2024-50154 https://bugzilla.suse.com/1233070 SUSE Bug 1233070 https://bugzilla.suse.com/1233072 SUSE Bug 1233072 In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unuse_vma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory. 2. Swapout the above anonymous memory. 3. run swapoff and we will get a bad pud error in kernel message: mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7) We can tell that pud_clear_bad is called by pud_none_or_clear_bad in unuse_pud_range() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it. CVE-2024-50199 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50199.html CVE-2024-50199 https://bugzilla.suse.com/1233112 SUSE Bug 1233112 In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together. CVE-2024-50202 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50202.html CVE-2024-50202 https://bugzilla.suse.com/1233324 SUSE Bug 1233324 In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. This may cause a heap buffer overflow if the heap address is tagged because emit_a64_mov_i64() will emit longer code than it did during the size calculation pass. The same problem could occur without tag-based KASAN if one of the 16-bit words of the stack address happened to be all-ones during the size calculation pass. Fix the problem by assuming the worst case (4 instructions) when calculating the size of the bpf_tramp_image address emission. CVE-2024-50203 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50203.html CVE-2024-50203 https://bugzilla.suse.com/1233328 SUSE Bug 1233328 In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now detect errors and bail out early without resorting to checking for particular offsets and assuming internal behavior of these functions. CVE-2024-50211 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50211.html CVE-2024-50211 https://bugzilla.suse.com/1233096 SUSE Bug 1233096 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-50228 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50228.html CVE-2024-50228 https://bugzilla.suse.com/1233204 SUSE Bug 1233204 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt later to push an Ethernet header. Use LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c. [1] skbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc900045269b0 EFLAGS: 00010282 RAX: 0000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800 RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000 RBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc R10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140 R13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c FS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 eth_header+0x38/0x1f0 net/ethernet/eth.c:83 dev_hard_header include/linux/netdevice.h:3208 [inline] nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358 nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_bridge_pre net/bridge/br_input.c:277 [inline] br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424 __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562 __netif_receive_skb_one_core net/core/dev.c:5666 [inline] __netif_receive_skb+0x12f/0x650 net/core/dev.c:5781 netif_receive_skb_internal net/core/dev.c:5867 [inline] netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926 tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550 tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007 tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053 new_sync_write fs/read_write.c:590 [inline] vfs_write+0xa6d/0xc90 fs/read_write.c:683 ksys_write+0x183/0x2b0 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fdbeeb7d1ff Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 RSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff RDX: 000000000000008e RSI: 0000000020000040 RDI: 00000000000000c8 RBP: 00007fdbeebf12be R08: 0000000 ---truncated--- CVE-2024-50256 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50256.html CVE-2024-50256 https://bugzilla.suse.com/1233200 SUSE Bug 1233200 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. For example, consider a trie with max_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ... 0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with .prefixlen = 8 make 9 nodes be written on the node stack with size 8. CVE-2024-50262 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50262.html CVE-2024-50262 https://bugzilla.suse.com/1233239 SUSE Bug 1233239 In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read() If the caller supplies an iocb->ki_pos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemap_read() enters an infinite loop. This behaviour was discovered when testing xfstests generic/525 with the "localio" optimisation for loopback NFS mounts. CVE-2024-50272 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50272.html CVE-2024-50272 https://bugzilla.suse.com/1233461 SUSE Bug 1233461 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because expanding the fast device requires reloading the cache table for cache_create to allocate new in-core data structures that fit the new size, and the check in cache_preresume is not performed during the first resume, leading to the issue. Reproduce steps: 1. prepare component devices: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct 2. load a cache table of 512 cache blocks, and deliberately expand the fast device before resuming the cache, making the in-core data structures inadequate. dmsetup create cache --notable dmsetup reload cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" dmsetup reload cdata --table "0 131072 linear /dev/sdc 8192" dmsetup resume cdata dmsetup resume cache 3. suspend the cache to write out the in-core dirty bitset and hint array, leading to out-of-bounds access to the dirty bitset at offset 0x40: dmsetup suspend cache KASAN reports: BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80 Read of size 8 at addr ffffc90000085040 by task dmsetup/90 (...snip...) The buggy address belongs to the virtual mapping at [ffffc90000085000, ffffc90000087000) created by: cache_ctr+0x176a/0x35f0 (...snip...) Memory state around the buggy address: ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 Fix by checking the size change on the first resume. CVE-2024-50278 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50278.html CVE-2024-50278 https://bugzilla.suse.com/1233467 SUSE Bug 1233467 https://bugzilla.suse.com/1233709 SUSE Bug 1233709 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed. CVE-2024-50280 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50280.html CVE-2024-50280 https://bugzilla.suse.com/1233469 SUSE Bug 1233469 In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243 sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233 CVE-2024-50299 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-50299.html CVE-2024-50299 https://bugzilla.suse.com/1233488 SUSE Bug 1233488 In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access. CVE-2024-52332 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-52332.html CVE-2024-52332 https://bugzilla.suse.com/1235700 SUSE Bug 1235700 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-53050 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53050.html CVE-2024-53050 https://bugzilla.suse.com/1233546 SUSE Bug 1233546 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-53064 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53064.html CVE-2024-53064 https://bugzilla.suse.com/1233558 SUSE Bug 1233558 In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref on the afs_call struct in order to pass it to a work queue - but if the afs_call is already queued, we then have an extraneous ref that must be put... calling afs_put_call() may call back down into AF_RXRPC through rxrpc_kernel_shutdown_call(), however, which might try taking the ->notify_lock again. This case isn't very common, however, so defer it to a workqueue. The oops looks something like: BUG: spinlock recursion on CPU#0, krxrpcio/7001/1646 lock: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0 CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 Not tainted 6.12.0-rc2-build3+ #4351 Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 Call Trace: <TASK> dump_stack_lvl+0x47/0x70 do_raw_spin_lock+0x3c/0x90 rxrpc_kernel_shutdown_call+0x83/0xb0 afs_put_call+0xd7/0x180 rxrpc_notify_socket+0xa0/0x190 rxrpc_input_split_jumbo+0x198/0x1d0 rxrpc_input_data+0x14b/0x1e0 ? rxrpc_input_call_packet+0xc2/0x1f0 rxrpc_input_call_event+0xad/0x6b0 rxrpc_input_packet_on_conn+0x1e1/0x210 rxrpc_input_packet+0x3f2/0x4d0 rxrpc_io_thread+0x243/0x410 ? __pfx_rxrpc_io_thread+0x10/0x10 kthread+0xcf/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x24/0x40 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CVE-2024-53090 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53090.html CVE-2024-53090 https://bugzilla.suse.com/1233637 SUSE Bug 1233637 In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx As the introduction of the support for vsock and unix sockets in sockmap, tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK. vsock and af_unix sockets have vsock_sock and unix_sock instead of inet_connection_sock. For these sockets, tls_get_ctx may return an invalid pointer and cause page fault in function tls_sw_ctx_rx. BUG: unable to handle page fault for address: 0000000000040030 Workqueue: vsock-loopback vsock_loopback_work RIP: 0010:sk_psock_strp_data_ready+0x23/0x60 Call Trace: ? __die+0x81/0xc3 ? no_context+0x194/0x350 ? do_page_fault+0x30/0x110 ? async_page_fault+0x3e/0x50 ? sk_psock_strp_data_ready+0x23/0x60 virtio_transport_recv_pkt+0x750/0x800 ? update_load_avg+0x7e/0x620 vsock_loopback_work+0xd0/0x100 process_one_work+0x1a7/0x360 worker_thread+0x30/0x390 ? create_worker+0x1a0/0x1a0 kthread+0x112/0x130 ? __kthread_cancel_work+0x40/0x40 ret_from_fork+0x1f/0x40 v2: - Add IS_ICSK check v3: - Update the commits in Fixes CVE-2024-53091 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53091.html CVE-2024-53091 https://bugzilla.suse.com/1233638 SUSE Bug 1233638 In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. [0] The workload runs on Kubernetes, and some pods mount CIFS servers in non-root network namespaces. The problem rarely happened, but it was always while the pod was dying. The root cause is wrong reference counting for network namespace. CIFS uses kernel sockets, which do not hold refcnt of the netns that the socket belongs to. That means CIFS must ensure the socket is always freed before its netns; otherwise, use-after-free happens. The repro steps are roughly: 1. mount CIFS in a non-root netns 2. drop packets from the netns 3. destroy the netns 4. unmount CIFS We can reproduce the issue quickly with the script [1] below and see the splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled. When the socket is TCP, it is hard to guarantee the netns lifetime without holding refcnt due to async timers. Let's hold netns refcnt for each socket as done for SMC in commit 9744d2bf1976 ("smc: Fix use-after-free in tcp_write_timer_handler()."). Note that we need to move put_net() from cifs_put_tcp_session() to clean_demultiplex_info(); otherwise, __sock_create() still could touch a freed netns while cifsd tries to reconnect from cifs_demultiplex_thread(). Also, maybe_get_net() cannot be put just before __sock_create() because the code is not under RCU and there is a small chance that the same address happened to be reallocated to another netns. [0]: CIFS: VFS: \\XXXXXXXXXXX has not responded in 15 seconds. Reconnecting... CIFS: Serverclose failed 4 times, giving up Unable to handle kernel paging request at virtual address 14de99e461f84a07 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 [14de99e461f84a07] address between user and kernel address ranges Internal error: Oops: 0000000096000004 [#1] SMP Modules linked in: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_state xt_connmark nf_conntrack_netlink xt_nat xt_statistic xt_MASQUERADE xt_mark xt_addrtype ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables nfnetlink overlay nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena button sch_fq_codel loop fuse configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs CPU: 5 PID: 2690970 Comm: cifsd Not tainted 6.1.103-109.184.amzn2023.aarch64 #1 Hardware name: Amazon EC2 r7g.4xlarge/, BIOS 1.0 11/1/2018 pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : fib_rules_lookup+0x44/0x238 lr : __fib_lookup+0x64/0xbc sp : ffff8000265db790 x29: ffff8000265db790 x28: 0000000000000000 x27: 000000000000bd01 x26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580 x23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500 x20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002 x11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294 x8 : 0000000000000000 x7 : 0000000000000006 x6 : 0000000000000000 x5 : 0000000000000001 x4 : ffff001924354280 x3 : ffff8000265db7e0 x2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500 Call trace: fib_rules_lookup+0x44/0x238 __fib_lookup+0x64/0xbc ip_route_output_key_hash_rcu+0x2c4/0x398 ip_route_output_key_hash+0x60/0x8c tcp_v4_connect+0x290/0x488 __inet_stream_connect+0x108/0x3d0 inet_stream_connect+0x50/0x78 kernel_connect+0x6c/0xac generic_ip_conne ---truncated--- CVE-2024-53095 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53095.html CVE-2024-53095 https://bugzilla.suse.com/1233642 SUSE Bug 1233642 In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo() If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing bpf_link_type_strs[link->type] may result in an out-of-bounds access. To spot such missed invocations early in the future, checking the validity of link->type in bpf_link_show_fdinfo() and emitting a warning when such invocations are missed. CVE-2024-53099 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53099.html CVE-2024-53099 https://bugzilla.suse.com/1233772 SUSE Bug 1233772 In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL. CVE-2024-53103 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53103.html CVE-2024-53103 https://bugzilla.suse.com/1234024 SUSE Bug 1234024 In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page being freed using free_page() still having a mlocked flag at free_pages_prepare() stage: BUG: Bad page state in process syz.5.504 pfn:61f45 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45 flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000080204 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8443, tgid 8442 (syz.5.504), ts 201884660643, free_ts 201499827394 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x303f/0x3190 mm/page_alloc.c:3457 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 kvm_coalesced_mmio_init+0x1f/0xf0 virt/kvm/coalesced_mmio.c:99 kvm_create_vm virt/kvm/kvm_main.c:1235 [inline] kvm_dev_ioctl_create_vm virt/kvm/kvm_main.c:5488 [inline] kvm_dev_ioctl+0x12dc/0x2240 virt/kvm/kvm_main.c:5530 __do_compat_sys_ioctl fs/ioctl.c:1007 [inline] __se_compat_sys_ioctl+0x510/0xc90 fs/ioctl.c:950 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e page last free pid 8399 tgid 8399 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_folios+0xf12/0x18d0 mm/page_alloc.c:2686 folios_put_refs+0x76c/0x860 mm/swap.c:1007 free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:335 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline] tlb_batch_pages_flush mm/mmu_gather.c:149 [inline] tlb_flush_mmu_free mm/mmu_gather.c:366 [inline] tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465 exit_mmap+0x496/0xc40 mm/mmap.c:1926 __mmput+0x115/0x390 kernel/fork.c:1348 exit_mm+0x220/0x310 kernel/exit.c:571 do_exit+0x9b2/0x28e0 kernel/exit.c:926 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [inline] __se_sys_exit_group kernel/exit.c:1097 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 8442 Comm: syz.5.504 Not tainted 6.12.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0xed0/0xf20 mm/page_alloc.c:2638 kvm_destroy_vm virt/kvm/kvm_main.c:1327 [inline] kvm_put_kvm+0xc75/0x1350 virt/kvm/kvm_main.c:1386 kvm_vcpu_release+0x54/0x60 virt/kvm/kvm_main.c:4143 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xa2f/0x28e0 kernel/exit.c:939 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [in ---truncated--- CVE-2024-53105 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53105.html CVE-2024-53105 https://bugzilla.suse.com/1234069 SUSE Bug 1234069 In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix address wraparound in move_page_tables() On 32-bit platforms, it is possible for the expression `len + old_addr < old_end` to be false-positive if `len + old_addr` wraps around. `old_addr` is the cursor in the old range up to which page table entries have been moved; so if the operation succeeded, `old_addr` is the *end* of the old region, and adding `len` to it can wrap. The overflow causes mremap() to mistakenly believe that PTEs have been copied; the consequence is that mremap() bails out, but doesn't move the PTEs back before the new VMA is unmapped, causing anonymous pages in the region to be lost. So basically if userspace tries to mremap() a private-anon region and hits this bug, mremap() will return an error and the private-anon region's contents appear to have been zeroed. The idea of this check is that `old_end - len` is the original start address, and writing the check that way also makes it easier to read; so fix the check by rearranging the comparison accordingly. (An alternate fix would be to refactor this function by introducing an "orig_old_start" variable or such.) Tested in a VM with a 32-bit X86 kernel; without the patch: ``` user@horn:~/big_mremap$ cat test.c #define _GNU_SOURCE #include <stdlib.h> #include <stdio.h> #include <err.h> #include <sys/mman.h> #define ADDR1 ((void*)0x60000000) #define ADDR2 ((void*)0x10000000) #define SIZE 0x50000000uL int main(void) { unsigned char *p1 = mmap(ADDR1, SIZE, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0); if (p1 == MAP_FAILED) err(1, "mmap 1"); unsigned char *p2 = mmap(ADDR2, SIZE, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0); if (p2 == MAP_FAILED) err(1, "mmap 2"); *p1 = 0x41; printf("first char is 0x%02hhx\n", *p1); unsigned char *p3 = mremap(p1, SIZE, SIZE, MREMAP_MAYMOVE|MREMAP_FIXED, p2); if (p3 == MAP_FAILED) { printf("mremap() failed; first char is 0x%02hhx\n", *p1); } else { printf("mremap() succeeded; first char is 0x%02hhx\n", *p3); } } user@horn:~/big_mremap$ gcc -static -o test test.c user@horn:~/big_mremap$ setarch -R ./test first char is 0x41 mremap() failed; first char is 0x00 ``` With the patch: ``` user@horn:~/big_mremap$ setarch -R ./test first char is 0x41 mremap() succeeded; first char is 0x41 ``` CVE-2024-53111 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53111.html CVE-2024-53111 https://bugzilla.suse.com/1234086 SUSE Bug 1234086 In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be &current->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc fastpath"). To fix it, check NULL pointer for preferred_zoneref->zone. CVE-2024-53113 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53113.html CVE-2024-53113 https://bugzilla.suse.com/1234077 SUSE Bug 1234077 In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks. CVE-2024-53117 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53117.html CVE-2024-53117 https://bugzilla.suse.com/1234079 SUSE Bug 1234079 In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory leaks, clean up the queue when the socket is destroyed. unreferenced object 0xffff8881028beb00 (size 224): comm "vsock_test", pid 1218, jiffies 4294694897 hex dump (first 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!..... 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!..... backtrace (crc 6c7031ca): [<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370 [<ffffffff81d35882>] __alloc_skb+0x132/0x180 [<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80 [<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240 [<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0 [<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50 [<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450 [<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0 [<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0 [<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80 [<ffffffff820d3df3>] do_syscall_64+0x93/0x180 [<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2024-53118 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53118.html CVE-2024-53118 https://bugzilla.suse.com/1234071 SUSE Bug 1234071 In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak. vsock_release __vsock_release lock virtio_transport_release virtio_transport_close schedule_delayed_work(close_work) sk_shutdown = SHUTDOWN_MASK (!) flush accept_queue release virtio_transport_recv_pkt vsock_find_bound_socket lock if flag(SOCK_DONE) return virtio_transport_recv_listen child = vsock_create_connected (!) vsock_enqueue_accept(child) release close_work lock virtio_transport_do_close set_flag(SOCK_DONE) virtio_transport_remove_sock vsock_remove_sock vsock_remove_bound release Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction. unreferenced object 0xffff888109e3f800 (size 2040): comm "kworker/5:2", pid 371, jiffies 4294940105 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............ backtrace (crc 9e5f4e84): [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360 [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120 [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0 [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310 [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0 [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140 [<ffffffff810fc6ac>] process_one_work+0x20c/0x570 [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0 [<ffffffff811070dd>] kthread+0xdd/0x110 [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50 [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30 CVE-2024-53119 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53119.html CVE-2024-53119 https://bugzilla.suse.com/1234073 SUSE Bug 1234073 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CVE-2024-53120 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53120.html CVE-2024-53120 https://bugzilla.suse.com/1234075 SUSE Bug 1234075 In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf(). CVE-2024-53122 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53122.html CVE-2024-53122 https://bugzilla.suse.com/1234076 SUSE Bug 1234076 In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: - r0 is marked as not a subreg at (0); - w1 is marked as subreg at (2); - w1 subreg_def is overridden at (3) by copy_register_state(); - w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; - because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); - this random value is read at (5). CVE-2024-53125 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53125.html CVE-2024-53125 https://bugzilla.suse.com/1234156 SUSE Bug 1234156 In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the strings on the heap through devm_kasprintf(). CVE-2024-53126 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53126.html CVE-2024-53126 https://bugzilla.suse.com/1234158 SUSE Bug 1234158 In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, even for 4K pages, causing various issues: - Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 - Panic booting the kernel/rootfs from an SD card on StarFive JH7100 - "swiotlb buffer is full" and data corruption on StarFive JH7110 At this stage no fix have been found, so it's probably better to just revert the change. This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890. CVE-2024-53127 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53127.html CVE-2024-53127 https://bugzilla.suse.com/1234153 SUSE Bug 1234153 In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check 'state' (see line 1077) CVE-2024-53129 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53129.html CVE-2024-53129 https://bugzilla.suse.com/1234155 SUSE Bug 1234155 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the "uptodate" state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->b_bdev, and mark_buffer_dirty() may be called later in that state, resulting in the bug mentioned above. Fix this issue by making nilfs_grab_buffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer's uptodate flag. CVE-2024-53130 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53130.html CVE-2024-53130 https://bugzilla.suse.com/1234219 SUSE Bug 1234219 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller. Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself. CVE-2024-53131 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53131.html CVE-2024-53131 https://bugzilla.suse.com/1234220 SUSE Bug 1234220 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state's dml contexts would no longer be valid. Then subsequent calls dc_state_copy_internal would shallow copy invalid memory and if the new state was released, a double free would occur. [How] Reset dml pointers in new_state to NULL and avoid invalid pointer (cherry picked from commit bcafdc61529a48f6f06355d78eb41b3aeda5296c) CVE-2024-53133 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53133.html CVE-2024-53133 https://bugzilla.suse.com/1234221 SUSE Bug 1234221 In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the look never finish and cause kernel panic. Also disable runtime to address "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!" CVE-2024-53134 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53134.html CVE-2024-53134 https://bugzilla.suse.com/1234159 SUSE Bug 1234159 In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, "added just to silence a syzbot sanitizer splat: added where there has never been any practical problem". CVE-2024-53136 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53136.html CVE-2024-53136 https://bugzilla.suse.com/1234161 SUSE Bug 1234161 In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. CVE-2024-53141 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53141.html CVE-2024-53141 https://bugzilla.suse.com/1234381 SUSE Bug 1234381 In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Length of filename, including final \0 When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability. Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g. ./reproducer.sh | gzip >> /myinitramfs It's easiest to observe non-zero uninitialized memory when the output is gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block. ---- reproducer.sh ---- nilchar="A" # change to "\0" to properly zero terminate / pad magic="070701" ino=1 mode=$(( 0100777 )) uid=0 gid=0 nlink=1 mtime=1 filesize=0 devmajor=0 devminor=1 rdevmajor=0 rdevminor=0 csum=0 fname="initramfs_test_fname_overrun" namelen=$(( ${#fname} + 1 )) # plus one to account for terminator printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \ $magic $ino $mode $uid $gid $nlink $mtime $filesize \ $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) )) printf "%.s${nilchar}" $(seq 1 $termpadlen) ---- reproducer.sh ---- Symlink filename fields handled in do_symlink() won't overrun past the data segment, due to the explicit zero-termination of the symlink target. Fix filename buffer overrun by aborting the initramfs FSM if any cpio entry doesn't carry a zero-terminator at the expected (name_len - 1) offset. CVE-2024-53142 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53142.html CVE-2024-53142 https://bugzilla.suse.com/1232436 SUSE Bug 1232436 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 CVE-2024-53144 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53144.html CVE-2024-53144 https://bugzilla.suse.com/1234690 SUSE Bug 1234690 In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. CVE-2024-53146 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53146.html CVE-2024-53146 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1234854 SUSE Bug 1234854 In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in error case"). CVE-2024-53148 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53148.html CVE-2024-53148 https://bugzilla.suse.com/1234832 SUSE Bug 1234832 https://bugzilla.suse.com/1234833 SUSE Bug 1234833 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. CVE-2024-53150 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53150.html CVE-2024-53150 https://bugzilla.suse.com/1234834 SUSE Bug 1234834 In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the following > Smatch static checker warning: > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() > warn: potential user controlled sizeof overflow 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt) > 489 { > 490 u32 segcount; > 491 __be32 *p; > 492 > 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount)) > ^^^^^^^^ > > 494 return false; > 495 > 496 /* A bogus segcount causes this buffer overflow check to fail. */ > 497 p = xdr_inline_decode(&rctxt->rc_stream, > --> 498 segcount * rpcrdma_segment_maxsz * sizeof(*p)); > > > segcount is an untrusted u32. On 32bit systems anything >= SIZE_MAX / 16 will > have an integer overflow and some those values will be accepted by > xdr_inline_decode(). CVE-2024-53151 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53151.html CVE-2024-53151 https://bugzilla.suse.com/1234829 SUSE Bug 1234829 In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. CVE-2024-53154 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53154.html CVE-2024-53154 https://bugzilla.suse.com/1234826 SUSE Bug 1234826 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: __alloc_pages_noprof+0x9a7/0xe00 alloc_pages_mpol_noprof+0x299/0x990 alloc_pages_noprof+0x1bf/0x1e0 allocate_slab+0x33a/0x1250 ___slab_alloc+0x12ef/0x35e0 kmem_cache_alloc_bulk_noprof+0x486/0x1330 __io_alloc_req_refill+0x84/0x560 io_submit_sqes+0x172f/0x2f30 __se_sys_io_uring_enter+0x406/0x41c0 __x64_sys_io_uring_enter+0x11f/0x1a0 x64_sys_call+0x2b54/0x3ba0 do_syscall_64+0xcd/0x1e0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Since an instance of 'struct kiocb' may be passed from the block layer with 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()' and use it from where 'ocfs2_dio_end_io()' might take care, i.e. in 'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'. CVE-2024-53155 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53155.html CVE-2024-53155 https://bugzilla.suse.com/1234855 SUSE Bug 1234855 In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_firmware_work_func Call Trace: <TASK> dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0 ... Since this bug has been confirmed to be caused by insufficient verification of conn_rsp_epid, I think it would be appropriate to add a range check for conn_rsp_epid to htc_connect_service() to prevent the bug from occurring. CVE-2024-53156 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53156.html CVE-2024-53156 https://bugzilla.suse.com/1234846 SUSE Bug 1234846 https://bugzilla.suse.com/1234847 SUSE Bug 1234847 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL). | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 | Mem abort info: | ESR = 0x96000004 | Exception class = DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Data abort info: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Internal error: Oops: 96000004 [#1] SMP | scpi-hwmon: probe of PHYT000D:00 failed with error -110 | Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c) | CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1 | Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS | pstate: 60000005 (nZCv daif -PAN -UAO) | pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | lr : clk_register+0x438/0x720 | Call trace: | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | devm_clk_hw_register+0x50/0xa0 | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi] | scpi_clocks_probe+0x528/0x70c [clk_scpi] | platform_drv_probe+0x58/0xa8 | really_probe+0x260/0x3d0 | driver_probe_device+0x12c/0x148 | device_driver_attach+0x74/0x98 | __driver_attach+0xb4/0xe8 | bus_for_each_dev+0x88/0xe0 | driver_attach+0x30/0x40 | bus_add_driver+0x178/0x2b0 | driver_register+0x64/0x118 | __platform_driver_register+0x54/0x60 | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi] | do_one_initcall+0x54/0x220 | do_init_module+0x54/0x1c8 | load_module+0x14a4/0x1668 | __se_sys_finit_module+0xf8/0x110 | __arm64_sys_finit_module+0x24/0x30 | el0_svc_common+0x78/0x170 | el0_svc_handler+0x38/0x78 | el0_svc+0x8/0x340 | Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) | ---[ end trace 06feb22469d89fa8 ]--- | Kernel panic - not syncing: Fatal exception | SMP: stopping secondary CPUs | Kernel Offset: disabled | CPU features: 0x10,a0002008 | Memory Limit: none CVE-2024-53157 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53157.html CVE-2024-53157 https://bugzilla.suse.com/1234827 SUSE Bug 1234827 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. CVE-2024-53158 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53158.html CVE-2024-53158 https://bugzilla.suse.com/1234811 SUSE Bug 1234811 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-53159 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53159.html CVE-2024-53159 https://bugzilla.suse.com/1234848 SUSE Bug 1234848 In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function: <snip> BUG: KCSAN: data-race in __mod_timer / kvfree_call_rcu read to 0xffff888237d1cce8 of 8 bytes by task 10149 on cpu 1: schedule_delayed_monitor_work kernel/rcu/tree.c:3520 [inline] kvfree_call_rcu+0x3b8/0x510 kernel/rcu/tree.c:3839 trie_update_elem+0x47c/0x620 kernel/bpf/lpm_trie.c:441 bpf_map_update_value+0x324/0x350 kernel/bpf/syscall.c:203 generic_map_update_batch+0x401/0x520 kernel/bpf/syscall.c:1849 bpf_map_do_batch+0x28c/0x3f0 kernel/bpf/syscall.c:5143 __sys_bpf+0x2e5/0x7a0 __do_sys_bpf kernel/bpf/syscall.c:5741 [inline] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline] __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5739 x64_sys_call+0x2625/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f write to 0xffff888237d1cce8 of 8 bytes by task 56 on cpu 0: __mod_timer+0x578/0x7f0 kernel/time/timer.c:1173 add_timer_global+0x51/0x70 kernel/time/timer.c:1330 __queue_delayed_work+0x127/0x1a0 kernel/workqueue.c:2523 queue_delayed_work_on+0xdf/0x190 kernel/workqueue.c:2552 queue_delayed_work include/linux/workqueue.h:677 [inline] schedule_delayed_monitor_work kernel/rcu/tree.c:3525 [inline] kfree_rcu_monitor+0x5e8/0x660 kernel/rcu/tree.c:3643 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391 kthread+0x1d1/0x210 kernel/kthread.c:389 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 56 Comm: kworker/u8:4 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events_unbound kfree_rcu_monitor <snip> kfree_rcu_monitor() rearms the work if a "krcp" has to be still offloaded and this is done without holding krcp->lock, whereas the kvfree_call_rcu() holds it. Fix it by acquiring the "krcp->lock" for kfree_rcu_monitor() so both functions do not race anymore. CVE-2024-53160 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53160.html CVE-2024-53160 https://bugzilla.suse.com/1234810 SUSE Bug 1234810 In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits. CVE-2024-53161 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53161.html CVE-2024-53161 https://bugzilla.suse.com/1234856 SUSE Bug 1234856 In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read. CVE-2024-53162 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53162.html CVE-2024-53162 https://bugzilla.suse.com/1234843 SUSE Bug 1234843 In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty. CVE-2024-53164 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53164.html CVE-2024-53164 https://bugzilla.suse.com/1234863 SUSE Bug 1234863 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_pages+0x254/0x6c0 write_cache_pages+0x254/0x6c0 do_writepages+0x192/0x310 filemap_fdatawrite_wbc+0x95/0xc0 __filemap_fdatawrite_range+0x99/0xd0 filemap_write_and_wait_range.part.0+0x4d/0xa0 blkdev_read_iter+0xef/0x1e0 io_read+0x1b6/0x8a0 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork_asm+0x1b/0x30 </TASK> Allocated by task 808602: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_slab_alloc+0x83/0x90 kmem_cache_alloc_node+0x1b1/0x6d0 bfq_get_queue+0x138/0xfa0 bfq_get_bfqq_handle_split+0xe3/0x2c0 bfq_init_rq+0x196/0xbb0 bfq_insert_request.isra.0+0xb5/0x480 bfq_insert_requests+0x156/0x180 blk_mq_insert_request+0x15d/0x440 blk_mq_submit_bio+0x8a4/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __blkdev_direct_IO_async+0x2dd/0x330 blkdev_write_iter+0x39a/0x450 io_write+0x22a/0x840 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x1b/0x30 Freed by task 808589: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 __kasan_slab_free+0x126/0x1b0 kmem_cache_free+0x10c/0x750 bfq_put_queue+0x2dd/0x770 __bfq_insert_request.isra.0+0x155/0x7a0 bfq_insert_request.isra.0+0x122/0x480 bfq_insert_requests+0x156/0x180 blk_mq_dispatch_plug_list+0x528/0x7e0 blk_mq_flush_plug_list.part.0+0xe5/0x590 __blk_flush_plug+0x3b/0x90 blk_finish_plug+0x40/0x60 do_writepages+0x19d/0x310 filemap_fdatawrite_wbc+0x95/0xc0 __filemap_fdatawrite_range+0x99/0xd0 filemap_write_and_wait_range.part.0+0x4d/0xa0 blkdev_read_iter+0xef/0x1e0 io_read+0x1b6/0x8a0 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x1b/0x30 Fix the problem by protecting bic_to_bfqq() with bfqd->lock. CVE-2024-53166 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53166.html CVE-2024-53166 https://bugzilla.suse.com/1234884 SUSE Bug 1234884 https://bugzilla.suse.com/1234885 SUSE Bug 1234885 In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: <IRQ> dump_stack_lvl+0x68/0xa0 print_address_description.constprop.0+0x2c/0x3d0 print_report+0xb4/0x270 kasan_report+0xbd/0xf0 tcp_write_timer_handler+0x156/0x3e0 tcp_write_timer+0x66/0x170 call_timer_fn+0xfb/0x1d0 __run_timers+0x3f8/0x480 run_timer_softirq+0x9b/0x100 handle_softirqs+0x153/0x390 __irq_exit_rcu+0x103/0x120 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0x76/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 RSP: 0018:ffffffffa2007e28 EFLAGS: 00000242 RAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d R10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000 R13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0 default_idle_call+0x6b/0xa0 cpuidle_idle_call+0x1af/0x1f0 do_idle+0xbc/0x130 cpu_startup_entry+0x33/0x40 rest_init+0x11f/0x210 start_kernel+0x39a/0x420 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x97/0xa0 common_startup_64+0x13e/0x141 </TASK> Allocated by task 595: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x87/0x90 kmem_cache_alloc_noprof+0x12b/0x3f0 copy_net_ns+0x94/0x380 create_new_namespaces+0x24c/0x500 unshare_nsproxy_namespaces+0x75/0xf0 ksys_unshare+0x24e/0x4f0 __x64_sys_unshare+0x1f/0x30 do_syscall_64+0x70/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 100: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x54/0x70 kmem_cache_free+0x156/0x5d0 cleanup_net+0x5d3/0x670 process_one_work+0x776/0xa90 worker_thread+0x2e2/0x560 kthread+0x1a8/0x1f0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Reproduction script: mkdir -p /mnt/nfsshare mkdir -p /mnt/nfs/netns_1 mkfs.ext4 /dev/sdb mount /dev/sdb /mnt/nfsshare systemctl restart nfs-server chmod 777 /mnt/nfsshare exportfs -i -o rw,no_root_squash *:/mnt/nfsshare ip netns add netns_1 ip link add name veth_1_peer type veth peer veth_1 ifconfig veth_1_peer 11.11.0.254 up ip link set veth_1 netns netns_1 ip netns exec netns_1 ifconfig veth_1 11.11.0.1 ip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \ --tcp-flags FIN FIN -j DROP (note: In my environment, a DESTROY_CLIENTID operation is always sent immediately, breaking the nfs tcp connection.) ip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \ 11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1 ip netns del netns_1 The reason here is that the tcp socket in netns_1 (nfs side) has been shutdown and closed (done in xs_destroy), but the FIN message (with ack) is discarded, and the nfsd side keeps sending retransmission messages. As a result, when the tcp sock in netns_1 processes the received message, it sends the message (FIN message) in the sending queue, and the tcp timer is re-established. When the network namespace is deleted, the net structure accessed by tcp's timer handler function causes problems. To fix this problem, let's hold netns refcnt for the tcp kernel socket as done in other modules. This is an ugly hack which can easily be backported to earlier kernels. A proper fix which cleans up the interfaces will follow, but may not be so easy to backport. CVE-2024-53168 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53168.html CVE-2024-53168 https://bugzilla.suse.com/1234887 SUSE Bug 1234887 https://bugzilla.suse.com/1243650 SUSE Bug 1243650 In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: fix kernel crash while shutting down controller The nvme keep-alive operation, which executes at a periodic interval, could potentially sneak in while shutting down a fabric controller. This may lead to a race between the fabric controller admin queue destroy code path (invoked while shutting down controller) and hw/hctx queue dispatcher called from the nvme keep-alive async request queuing operation. This race could lead to the kernel crash shown below: Call Trace: autoremove_wake_function+0x0/0xbc (unreliable) __blk_mq_sched_dispatch_requests+0x114/0x24c blk_mq_sched_dispatch_requests+0x44/0x84 blk_mq_run_hw_queue+0x140/0x220 nvme_keep_alive_work+0xc8/0x19c [nvme_core] process_one_work+0x200/0x4e0 worker_thread+0x340/0x504 kthread+0x138/0x140 start_kernel_thread+0x14/0x18 While shutting down fabric controller, if nvme keep-alive request sneaks in then it would be flushed off. The nvme_keep_alive_end_io function is then invoked to handle the end of the keep-alive operation which decrements the admin->q_usage_counter and assuming this is the last/only request in the admin queue then the admin->q_usage_counter becomes zero. If that happens then blk-mq destroy queue operation (blk_mq_destroy_ queue()) which could be potentially running simultaneously on another cpu (as this is the controller shutdown code path) would forward progress and deletes the admin queue. So, now from this point onward we are not supposed to access the admin queue resources. However the issue here's that the nvme keep-alive thread running hw/hctx queue dispatch operation hasn't yet finished its work and so it could still potentially access the admin queue resource while the admin queue had been already deleted and that causes the above crash. The above kernel crash is regression caused due to changes implemented in commit a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()"). Ideally we should stop keep-alive before destroyin g the admin queue and freeing the admin tagset so that it wouldn't sneak in during the shutdown operation. However we removed the keep alive stop operation from the beginning of the controller shutdown code path in commit a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()") and added it under nvme_uninit_ctrl() which executes very late in the shutdown code path after the admin queue is destroyed and its tagset is removed. So this change created the possibility of keep-alive sneaking in and interfering with the shutdown operation and causing observed kernel crash. To fix the observed crash, we decided to move nvme_stop_keep_alive() from nvme_uninit_ctrl() to nvme_remove_admin_tag_set(). This change would ensure that we don't forward progress and delete the admin queue until the keep- alive operation is finished (if it's in-flight) or cancelled and that would help contain the race condition explained above and hence avoid the crash. Moving nvme_stop_keep_alive() to nvme_remove_admin_tag_set() instead of adding nvme_stop_keep_alive() to the beginning of the controller shutdown code path in nvme_stop_ctrl(), as was the case earlier before commit a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()"), would help save one callsite of nvme_stop_keep_alive(). CVE-2024-53169 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53169.html CVE-2024-53169 https://bugzilla.suse.com/1234900 SUSE Bug 1234900 In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blk_mq_clear_flush_rq_mapping() is not called during scsi probe, by checking blk_queue_init_done(). However, QUEUE_FLAG_INIT_DONE is cleared in del_gendisk by commit aec89dc5d421 ("block: keep q_usage_counter in atomic mode after del_gendisk"), hence for disk like scsi, following blk_mq_destroy_queue() will not clear flush rq from tags->rqs[] as well, cause following uaf that is found by our syzkaller for v6.6: ================================================================== BUG: KASAN: slab-use-after-free in blk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261 Read of size 4 at addr ffff88811c969c20 by task kworker/1:2H/224909 CPU: 1 PID: 224909 Comm: kworker/1:2H Not tainted 6.6.0-ga836a5060850 #32 Workqueue: kblockd blk_mq_timeout_work Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106 print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364 print_report+0x3e/0x70 mm/kasan/report.c:475 kasan_report+0xb8/0xf0 mm/kasan/report.c:588 blk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261 bt_iter block/blk-mq-tag.c:288 [inline] __sbitmap_for_each_set include/linux/sbitmap.h:295 [inline] sbitmap_for_each_set include/linux/sbitmap.h:316 [inline] bt_for_each+0x455/0x790 block/blk-mq-tag.c:325 blk_mq_queue_tag_busy_iter+0x320/0x740 block/blk-mq-tag.c:534 blk_mq_timeout_work+0x1a3/0x7b0 block/blk-mq.c:1673 process_one_work+0x7c4/0x1450 kernel/workqueue.c:2631 process_scheduled_works kernel/workqueue.c:2704 [inline] worker_thread+0x804/0xe40 kernel/workqueue.c:2785 kthread+0x346/0x450 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:293 Allocated by task 942: kasan_save_stack+0x22/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 ____kasan_kmalloc mm/kasan/common.c:374 [inline] __kasan_kmalloc mm/kasan/common.c:383 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:380 kasan_kmalloc include/linux/kasan.h:198 [inline] __do_kmalloc_node mm/slab_common.c:1007 [inline] __kmalloc_node+0x69/0x170 mm/slab_common.c:1014 kmalloc_node include/linux/slab.h:620 [inline] kzalloc_node include/linux/slab.h:732 [inline] blk_alloc_flush_queue+0x144/0x2f0 block/blk-flush.c:499 blk_mq_alloc_hctx+0x601/0x940 block/blk-mq.c:3788 blk_mq_alloc_and_init_hctx+0x27f/0x330 block/blk-mq.c:4261 blk_mq_realloc_hw_ctxs+0x488/0x5e0 block/blk-mq.c:4294 blk_mq_init_allocated_queue+0x188/0x860 block/blk-mq.c:4350 blk_mq_init_queue_data block/blk-mq.c:4166 [inline] blk_mq_init_queue+0x8d/0x100 block/blk-mq.c:4176 scsi_alloc_sdev+0x843/0xd50 drivers/scsi/scsi_scan.c:335 scsi_probe_and_add_lun+0x77c/0xde0 drivers/scsi/scsi_scan.c:1189 __scsi_scan_target+0x1fc/0x5a0 drivers/scsi/scsi_scan.c:1727 scsi_scan_channel drivers/scsi/scsi_scan.c:1815 [inline] scsi_scan_channel+0x14b/0x1e0 drivers/scsi/scsi_scan.c:1791 scsi_scan_host_selected+0x2fe/0x400 drivers/scsi/scsi_scan.c:1844 scsi_scan+0x3a0/0x3f0 drivers/scsi/scsi_sysfs.c:151 store_scan+0x2a/0x60 drivers/scsi/scsi_sysfs.c:191 dev_attr_store+0x5c/0x90 drivers/base/core.c:2388 sysfs_kf_write+0x11c/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x3fc/0x610 fs/kernfs/file.c:338 call_write_iter include/linux/fs.h:2083 [inline] new_sync_write+0x1b4/0x2d0 fs/read_write.c:493 vfs_write+0x76c/0xb00 fs/read_write.c:586 ksys_write+0x127/0x250 fs/read_write.c:639 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x78/0xe2 Freed by task 244687: kasan_save_stack+0x22/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x50 mm/kasan/generic.c:522 ____kasan_slab_free mm/kasan/common.c:236 [inline] __kasan_slab_free+0x12a/0x1b0 mm/kasan/common.c:244 kasan_slab_free include/linux/kasan.h:164 [in ---truncated--- CVE-2024-53170 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53170.html CVE-2024-53170 https://bugzilla.suse.com/1234888 SUSE Bug 1234888 In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit After an insertion in TNC, the tree might split and cause a node to change its `znode->parent`. A further deletion of other nodes in the tree (which also could free the nodes), the aforementioned node's `znode->cparent` could still point to a freed node. This `znode->cparent` may not be updated when getting nodes to commit in `ubifs_tnc_start_commit()`. This could then trigger a use-after-free when accessing the `znode->cparent` in `write_index()` in `ubifs_tnc_end_commit()`. This can be triggered by running rm -f /etc/test-file.bin dd if=/dev/urandom of=/etc/test-file.bin bs=1M count=60 conv=fsync in a loop, and with `CONFIG_UBIFS_FS_AUTHENTICATION`. KASAN then reports: BUG: KASAN: use-after-free in ubifs_tnc_end_commit+0xa5c/0x1950 Write of size 32 at addr ffffff800a3af86c by task ubifs_bgt0_20/153 Call trace: dump_backtrace+0x0/0x340 show_stack+0x18/0x24 dump_stack_lvl+0x9c/0xbc print_address_description.constprop.0+0x74/0x2b0 kasan_report+0x1d8/0x1f0 kasan_check_range+0xf8/0x1a0 memcpy+0x84/0xf4 ubifs_tnc_end_commit+0xa5c/0x1950 do_commit+0x4e0/0x1340 ubifs_bg_thread+0x234/0x2e0 kthread+0x36c/0x410 ret_from_fork+0x10/0x20 Allocated by task 401: kasan_save_stack+0x38/0x70 __kasan_kmalloc+0x8c/0xd0 __kmalloc+0x34c/0x5bc tnc_insert+0x140/0x16a4 ubifs_tnc_add+0x370/0x52c ubifs_jnl_write_data+0x5d8/0x870 do_writepage+0x36c/0x510 ubifs_writepage+0x190/0x4dc __writepage+0x58/0x154 write_cache_pages+0x394/0x830 do_writepages+0x1f0/0x5b0 filemap_fdatawrite_wbc+0x170/0x25c file_write_and_wait_range+0x140/0x190 ubifs_fsync+0xe8/0x290 vfs_fsync_range+0xc0/0x1e4 do_fsync+0x40/0x90 __arm64_sys_fsync+0x34/0x50 invoke_syscall.constprop.0+0xa8/0x260 do_el0_svc+0xc8/0x1f0 el0_svc+0x34/0x70 el0t_64_sync_handler+0x108/0x114 el0t_64_sync+0x1a4/0x1a8 Freed by task 403: kasan_save_stack+0x38/0x70 kasan_set_track+0x28/0x40 kasan_set_free_info+0x28/0x4c __kasan_slab_free+0xd4/0x13c kfree+0xc4/0x3a0 tnc_delete+0x3f4/0xe40 ubifs_tnc_remove_range+0x368/0x73c ubifs_tnc_remove_ino+0x29c/0x2e0 ubifs_jnl_delete_inode+0x150/0x260 ubifs_evict_inode+0x1d4/0x2e4 evict+0x1c8/0x450 iput+0x2a0/0x3c4 do_unlinkat+0x2cc/0x490 __arm64_sys_unlinkat+0x90/0x100 invoke_syscall.constprop.0+0xa8/0x260 do_el0_svc+0xc8/0x1f0 el0_svc+0x34/0x70 el0t_64_sync_handler+0x108/0x114 el0t_64_sync+0x1a4/0x1a8 The offending `memcpy()` in `ubifs_copy_hash()` has a use-after-free when a node becomes root in TNC but still has a `cparent` to an already freed node. More specifically, consider the following TNC: zroot / / zp1 / / zn Inserting a new node `zn_new` with a key smaller then `zn` will trigger a split in `tnc_insert()` if `zp1` is full: zroot / \ / \ zp1 zp2 / \ / \ zn_new zn `zn->parent` has now been moved to `zp2`, *but* `zn->cparent` still points to `zp1`. Now, consider a removal of all the nodes _except_ `zn`. Just when `tnc_delete()` is about to delete `zroot` and `zp2`: zroot \ \ zp2 \ \ zn `zroot` and `zp2` get freed and the tree collapses: zn `zn` now becomes the new `zroot`. `get_znodes_to_commit()` will now only find `zn`, the new `zroot`, and `write_index()` will check its `znode->cparent` that wrongly points to the already freed `zp1`. `ubifs_copy_hash()` thus gets wrongly called with `znode->cparent->zbranch[znode->iip].hash` that triggers the use-after-free! Fix this by explicitly setting `znode->cparent` to `NULL` in `get_znodes_to_commit()` for the root node. The search for the dirty nodes ---truncated--- CVE-2024-53171 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53171.html CVE-2024-53171 https://bugzilla.suse.com/1234889 SUSE Bug 1234889 https://bugzilla.suse.com/1236234 SUSE Bug 1236234 In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y"), the duplicate slab cache names can be detected and a kernel WARNING is thrown out. In UBI fast attaching process, alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', which will trigger following warning messages: kmem_cache of name 'ubi_aeb_slab_cache' already exists WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107 __kmem_cache_create_args+0x100/0x5f0 Modules linked in: ubi(+) nandsim [last unloaded: nandsim] CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2 RIP: 0010:__kmem_cache_create_args+0x100/0x5f0 Call Trace: __kmem_cache_create_args+0x100/0x5f0 alloc_ai+0x295/0x3f0 [ubi] ubi_attach+0x3c3/0xcc0 [ubi] ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi] ubi_init+0x3fb/0x800 [ubi] do_init_module+0x265/0x7d0 __x64_sys_finit_module+0x7a/0xc0 The problem could be easily reproduced by loading UBI device by fastmap with CONFIG_DEBUG_VM=y. Fix it by using different slab names for alloc_ai() callers. CVE-2024-53172 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53172.html CVE-2024-53172 https://bugzilla.suse.com/1234898 SUSE Bug 1234898 In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed. CVE-2024-53173 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53173.html CVE-2024-53173 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1234891 SUSE Bug 1234891 https://bugzilla.suse.com/1234892 SUSE Bug 1234892 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cache_show The function `c_show` was called with protection from RCU. This only ensures that `cp` will not be freed. Therefore, the reference count for `cp` can drop to zero, which will trigger a refcount use-after-free warning when `cache_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `cp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 7 PID: 822 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 7 UID: 0 PID: 822 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 Call Trace: <TASK> c_show+0x2fc/0x380 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2024-53174 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53174.html CVE-2024-53174 https://bugzilla.suse.com/1234899 SUSE Bug 1234899 In the Linux kernel, the following vulnerability has been resolved: ipc: fix memleak if msg_init_ns failed in create_ipc_ns Percpu memory allocation may failed during create_ipc_ns however this fail is not handled properly since ipc sysctls and mq sysctls is not released properly. Fix this by release these two resource when failure. Here is the kmemleak stack when percpu failed: unreferenced object 0xffff88819de2a600 (size 512): comm "shmem_2nstest", pid 120711, jiffies 4300542254 hex dump (first 32 bytes): 60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff `.........H..... 04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff ........ .V..... backtrace (crc be7cba35): [<ffffffff81b43f83>] __kmalloc_node_track_caller_noprof+0x333/0x420 [<ffffffff81a52e56>] kmemdup_noprof+0x26/0x50 [<ffffffff821b2f37>] setup_mq_sysctls+0x57/0x1d0 [<ffffffff821b29cc>] copy_ipcs+0x29c/0x3b0 [<ffffffff815d6a10>] create_new_namespaces+0x1d0/0x920 [<ffffffff815d7449>] copy_namespaces+0x2e9/0x3e0 [<ffffffff815458f3>] copy_process+0x29f3/0x7ff0 [<ffffffff8154b080>] kernel_clone+0xc0/0x650 [<ffffffff8154b6b1>] __do_sys_clone+0xa1/0xe0 [<ffffffff843df8ff>] do_syscall_64+0xbf/0x1c0 [<ffffffff846000b0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 CVE-2024-53175 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53175.html CVE-2024-53175 https://bugzilla.suse.com/1234893 SUSE Bug 1234893 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifs_mount() dfs_mount_share() get_session() cifs_mount_get_session() cifs_send_recv() cifs_get_smb_ses() compound_send_recv() cifs_setup_session() smb2_setup_request() kfree_sensitive() smb2_calc_signature() crypto_shash_setkey() *UAF* Fix this by ensuring that we have a valid @ses->auth_key.response by checking whether @ses->ses_status is SES_GOOD or SES_EXITING with @ses->ses_lock held. After commit 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()"), we made sure to call ->logoff() only when @ses was known to be good (e.g. valid ->auth_key.response), so it's safe to access signing key when @ses->ses_status == SES_EXITING. CVE-2024-53179 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53179.html CVE-2024-53179 https://bugzilla.suse.com/1234921 SUSE Bug 1234921 https://bugzilla.suse.com/1234927 SUSE Bug 1234927 In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic. CVE-2024-53180 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53180.html CVE-2024-53180 https://bugzilla.suse.com/1234929 SUSE Bug 1234929 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey() Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the default cipher. See MS-SMB2 3.3.5.4. Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") added a @server->cipher_type check to conditionally call smb3_crypto_aead_allocate(), but that check would always be false as @server->cipher_type is unset for SMB3.02. Fix the following KASAN splat by setting @server->cipher_type for SMB3.02 as well. mount.cifs //srv/share /mnt -o vers=3.02,seal,... BUG: KASAN: null-ptr-deref in crypto_aead_setkey+0x2c/0x130 Read of size 8 at addr 0000000000000020 by task mount.cifs/1095 CPU: 1 UID: 0 PID: 1095 Comm: mount.cifs Not tainted 6.12.0 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 ? crypto_aead_setkey+0x2c/0x130 kasan_report+0xda/0x110 ? crypto_aead_setkey+0x2c/0x130 crypto_aead_setkey+0x2c/0x130 crypt_message+0x258/0xec0 [cifs] ? __asan_memset+0x23/0x50 ? __pfx_crypt_message+0x10/0x10 [cifs] ? mark_lock+0xb0/0x6a0 ? hlock_class+0x32/0xb0 ? mark_lock+0xb0/0x6a0 smb3_init_transform_rq+0x352/0x3f0 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 smb_send_rqst+0x144/0x230 [cifs] ? __pfx_smb_send_rqst+0x10/0x10 [cifs] ? hlock_class+0x32/0xb0 ? smb2_setup_request+0x225/0x3a0 [cifs] ? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs] compound_send_recv+0x59b/0x1140 [cifs] ? __pfx_compound_send_recv+0x10/0x10 [cifs] ? __create_object+0x5e/0x90 ? hlock_class+0x32/0xb0 ? do_raw_spin_unlock+0x9a/0xf0 cifs_send_recv+0x23/0x30 [cifs] SMB2_tcon+0x3ec/0xb30 [cifs] ? __pfx_SMB2_tcon+0x10/0x10 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 ? __pfx_lock_release+0x10/0x10 ? do_raw_spin_trylock+0xc6/0x120 ? lock_acquire+0x3f/0x90 ? _get_xid+0x16/0xd0 [cifs] ? __pfx_SMB2_tcon+0x10/0x10 [cifs] ? cifs_get_smb_ses+0xcdd/0x10a0 [cifs] cifs_get_smb_ses+0xcdd/0x10a0 [cifs] ? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs] ? cifs_get_tcp_session+0xaa0/0xca0 [cifs] cifs_mount_get_session+0x8a/0x210 [cifs] dfs_mount_share+0x1b0/0x11d0 [cifs] ? __pfx___lock_acquire+0x10/0x10 ? __pfx_dfs_mount_share+0x10/0x10 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 ? find_held_lock+0x8a/0xa0 ? hlock_class+0x32/0xb0 ? lock_release+0x203/0x5d0 cifs_mount+0xb3/0x3d0 [cifs] ? do_raw_spin_trylock+0xc6/0x120 ? __pfx_cifs_mount+0x10/0x10 [cifs] ? lock_acquire+0x3f/0x90 ? find_nls+0x16/0xa0 ? smb3_update_mnt_flags+0x372/0x3b0 [cifs] cifs_smb3_do_mount+0x1e2/0xc80 [cifs] ? __pfx_vfs_parse_fs_string+0x10/0x10 ? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs] smb3_get_tree+0x1bf/0x330 [cifs] vfs_get_tree+0x4a/0x160 path_mount+0x3c1/0xfb0 ? kasan_quarantine_put+0xc7/0x1d0 ? __pfx_path_mount+0x10/0x10 ? kmem_cache_free+0x118/0x3e0 ? user_path_at+0x74/0xa0 __x64_sys_mount+0x1a6/0x1e0 ? __pfx___x64_sys_mount+0x10/0x10 ? mark_held_locks+0x1a/0x90 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2024-53185 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53185.html CVE-2024-53185 https://bugzilla.suse.com/1234901 SUSE Bug 1234901 In the Linux kernel, the following vulnerability has been resolved: io_uring: check for overflows in io_pin_pages WARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144 CPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0 Call Trace: <TASK> __io_uaddr_map+0xfb/0x2d0 io_uring/memmap.c:183 io_rings_map io_uring/io_uring.c:2611 [inline] io_allocate_scq_urings+0x1c0/0x650 io_uring/io_uring.c:3470 io_uring_create+0x5b5/0xc00 io_uring/io_uring.c:3692 io_uring_setup io_uring/io_uring.c:3781 [inline] ... </TASK> io_pin_pages()'s uaddr parameter came directly from the user and can be garbage. Don't just add size to it as it can overflow. CVE-2024-53187 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53187.html CVE-2024-53187 https://bugzilla.suse.com/1234947 SUSE Bug 1234947 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix crash when unbinding If there is an error during some initialization related to firmware, the function ath12k_dp_cc_cleanup is called to release resources. However this is released again when the device is unbinded (ath12k_pci), and we get: BUG: kernel NULL pointer dereference, address: 0000000000000020 at RIP: 0010:ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k] Call Trace: ath12k_dp_cc_cleanup ath12k_dp_free ath12k_core_deinit ath12k_pci_remove ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just set to NULL the released structure in ath12k_dp_cc_cleanup at the end. CVE-2024-53188 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53188.html CVE-2024-53188 https://bugzilla.suse.com/1234948 SUSE Bug 1234948 In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Syzkaller reported a hung task with uevent_show() on stack trace. That specific issue was addressed by another commit [0], but even with that fix applied (for example, running v6.12-rc5) we face another type of hung task that comes from the same reproducer [1]. By investigating that, we could narrow it to the following path: (a) Syzkaller emulates a Realtek USB WiFi adapter using raw-gadget and dummy_hcd infrastructure. (b) During the probe of rtl8192cu, the driver ends-up performing an efuse read procedure (which is related to EEPROM load IIUC), and here lies the issue: the function read_efuse() calls read_efuse_byte() many times, as loop iterations depending on the efuse size (in our example, 512 in total). This procedure for reading efuse bytes relies in a loop that performs an I/O read up to *10k* times in case of failures. We measured the time of the loop inside read_efuse_byte() alone, and in this reproducer (which involves the dummy_hcd emulation layer), it takes 15 seconds each. As a consequence, we have the driver stuck in its probe routine for big time, exposing a stack trace like below if we attempt to reboot the system, for example: task:kworker/0:3 state:D stack:0 pid:662 tgid:662 ppid:2 flags:0x00004000 Workqueue: usb_hub_wq hub_event Call Trace: __schedule+0xe22/0xeb6 schedule_timeout+0xe7/0x132 __wait_for_common+0xb5/0x12e usb_start_wait_urb+0xc5/0x1ef ? usb_alloc_urb+0x95/0xa4 usb_control_msg+0xff/0x184 _usbctrl_vendorreq_sync+0xa0/0x161 _usb_read_sync+0xb3/0xc5 read_efuse_byte+0x13c/0x146 read_efuse+0x351/0x5f0 efuse_read_all_map+0x42/0x52 rtl_efuse_shadow_map_update+0x60/0xef rtl_get_hwinfo+0x5d/0x1c2 rtl92cu_read_eeprom_info+0x10a/0x8d5 ? rtl92c_read_chip_version+0x14f/0x17e rtl_usb_probe+0x323/0x851 usb_probe_interface+0x278/0x34b really_probe+0x202/0x4a4 __driver_probe_device+0x166/0x1b2 driver_probe_device+0x2f/0xd8 [...] We propose hereby to drastically reduce the attempts of doing the I/O reads in case of failures, restricted to USB devices (given that they're inherently slower than PCIe ones). By retrying up to 10 times (instead of 10000), we got reponsiveness in the reproducer, while seems reasonable to believe that there's no sane USB device implementation in the field requiring this amount of retries at every I/O read in order to properly work. Based on that assumption, it'd be good to have it backported to stable but maybe not since driver implementation (the 10k number comes from day 0), perhaps up to 6.x series makes sense. [0] Commit 15fffc6a5624 ("driver core: Fix uevent_show() vs driver detach race") [1] A note about that: this syzkaller report presents multiple reproducers that differs by the type of emulated USB device. For this specific case, check the entry from 2024/08/08 06:23 in the list of crashes; the C repro is available at https://syzkaller.appspot.com/text?tag=ReproC&x=1521fc83980000. CVE-2024-53190 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53190.html CVE-2024-53190 https://bugzilla.suse.com/1234950 SUSE Bug 1234950 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix warning when unbinding If there is an error during some initialization related to firmware, the buffers dp->tx_ring[i].tx_status are released. However this is released again when the device is unbinded (ath12k_pci), and we get: WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80 Call Trace: free_large_kmalloc ath12k_dp_free ath12k_core_deinit ath12k_pci_remove ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just set the buffers to NULL after releasing in order to avoid the double free. CVE-2024-53191 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53191.html CVE-2024-53191 https://bugzilla.suse.com/1234952 SUSE Bug 1234952 In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock. Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and commit 59a54c5f3dbd ("thunderbolt: Reset topology created by the boot firmware"), USB4 v2 and v1 Host Routers are reset on probe of the thunderbolt driver. The reset clears the Presence Detect State and Data Link Layer Link Active bits at the USB4 Host Router's Root Port and thus causes hot removal of the dock. The crash occurs when pciehp is unbound from one of the dock's Downstream Ports: pciehp creates a pci_slot on bind and destroys it on unbind. The pci_slot contains a pointer to the pci_bus below the Downstream Port, but a reference on that pci_bus is never acquired. The pci_bus is destroyed before the pci_slot, so a use-after-free ensues when pci_slot_release() accesses slot->bus. In principle this should not happen because pci_stop_bus_device() unbinds pciehp (and therefore destroys the pci_slot) before the pci_bus is destroyed by pci_remove_bus_device(). However the stacktrace provided by Dennis shows that pciehp is unbound from pci_remove_bus_device() instead of pci_stop_bus_device(). To understand the significance of this, one needs to know that the PCI core uses a two step process to remove a portion of the hierarchy: It first unbinds all drivers in the sub-hierarchy in pci_stop_bus_device() and then actually removes the devices in pci_remove_bus_device(). There is no precaution to prevent driver binding in-between pci_stop_bus_device() and pci_remove_bus_device(). In Dennis' case, it seems removal of the hierarchy by pciehp races with driver binding by pci_bus_add_devices(). pciehp is bound to the Downstream Port after pci_stop_bus_device() has run, so it is unbound by pci_remove_bus_device() instead of pci_stop_bus_device(). Because the pci_bus has already been destroyed at that point, accesses to it result in a use-after-free. One might conclude that driver binding needs to be prevented after pci_stop_bus_device() has run. However it seems risky that pci_slot points to pci_bus without holding a reference. Solely relying on correct ordering of driver unbind versus pci_bus destruction is certainly not defensive programming. If pci_slot has a need to access data in pci_bus, it ought to acquire a reference. Amend pci_create_slot() accordingly. Dennis reports that the crash is not reproducible with this change. Abridged stacktrace: pcieport 0000:00:07.0: PME: Signaling with IRQ 156 pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ pci_bus 0000:20: dev 00, created physical slot 12 pcieport 0000:00:07.0: pciehp: Slot(12): Card not present ... pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0 Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1 RIP: 0010:dev_driver_string+0x12/0x40 pci_destroy_slot pciehp_remove pcie_port_remove_service device_release_driver_internal bus_remove_device device_del device_unregister remove_iter device_for_each_child pcie_portdrv_remove pci_device_remove device_release_driver_internal bus_remove_device device_del pci_remove_bus_device (recursive invocation) pci_remove_bus_device pciehp_unconfigure_device pciehp_disable_slot pciehp_handle_presence_or_link_change pciehp_ist CVE-2024-53194 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53194.html CVE-2024-53194 https://bugzilla.suse.com/1235459 SUSE Bug 1235459 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Get rid of userspace_irqchip_in_use Improper use of userspace_irqchip_in_use led to syzbot hitting the following WARN_ON() in kvm_timer_update_irq(): WARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394 Call trace: kvm_timer_update_irq+0x21c/0x394 arch/arm64/kvm/arch_timer.c:459 kvm_timer_vcpu_reset+0x158/0x684 arch/arm64/kvm/arch_timer.c:968 kvm_reset_vcpu+0x3b4/0x560 arch/arm64/kvm/reset.c:264 kvm_vcpu_set_target arch/arm64/kvm/arm.c:1553 [inline] kvm_arch_vcpu_ioctl_vcpu_init arch/arm64/kvm/arm.c:1573 [inline] kvm_arch_vcpu_ioctl+0x112c/0x1b3c arch/arm64/kvm/arm.c:1695 kvm_vcpu_ioctl+0x4ec/0xf74 virt/kvm/kvm_main.c:4658 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __arm64_sys_ioctl+0x108/0x184 fs/ioctl.c:893 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x78/0x1b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x1b0 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x40/0x50 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x14c arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 The following sequence led to the scenario: - Userspace creates a VM and a vCPU. - The vCPU is initialized with KVM_ARM_VCPU_PMU_V3 during KVM_ARM_VCPU_INIT. - Without any other setup, such as vGIC or vPMU, userspace issues KVM_RUN on the vCPU. Since the vPMU is requested, but not setup, kvm_arm_pmu_v3_enable() fails in kvm_arch_vcpu_run_pid_change(). As a result, KVM_RUN returns after enabling the timer, but before incrementing 'userspace_irqchip_in_use': kvm_arch_vcpu_run_pid_change() ret = kvm_arm_pmu_v3_enable() if (!vcpu->arch.pmu.created) return -EINVAL; if (ret) return ret; [...] if (!irqchip_in_kernel(kvm)) static_branch_inc(&userspace_irqchip_in_use); - Userspace ignores the error and issues KVM_ARM_VCPU_INIT again. Since the timer is already enabled, control moves through the following flow, ultimately hitting the WARN_ON(): kvm_timer_vcpu_reset() if (timer->enabled) kvm_timer_update_irq() if (!userspace_irqchip()) ret = kvm_vgic_inject_irq() ret = vgic_lazy_init() if (unlikely(!vgic_initialized(kvm))) if (kvm->arch.vgic.vgic_model != KVM_DEV_TYPE_ARM_VGIC_V2) return -EBUSY; WARN_ON(ret); Theoretically, since userspace_irqchip_in_use's functionality can be simply replaced by '!irqchip_in_kernel()', get rid of the static key to avoid the mismanagement, which also helps with the syzbot issue. CVE-2024-53195 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53195.html CVE-2024-53195 https://bugzilla.suse.com/1234957 SUSE Bug 1234957 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Don't retire aborted MMIO instruction Returning an abort to the guest for an unsupported MMIO access is a documented feature of the KVM UAPI. Nevertheless, it's clear that this plumbing has seen limited testing, since userspace can trivially cause a WARN in the MMIO return: WARNING: CPU: 0 PID: 30558 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536 Call trace: kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536 kvm_arch_vcpu_ioctl_run+0x98/0x15b4 arch/arm64/kvm/arm.c:1133 kvm_vcpu_ioctl+0x75c/0xa78 virt/kvm/kvm_main.c:4487 __do_sys_ioctl fs/ioctl.c:51 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:893 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x1e0/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x38/0x68 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 The splat is complaining that KVM is advancing PC while an exception is pending, i.e. that KVM is retiring the MMIO instruction despite a pending synchronous external abort. Womp womp. Fix the glaring UAPI bug by skipping over all the MMIO emulation in case there is a pending synchronous exception. Note that while userspace is capable of pending an asynchronous exception (SError, IRQ, or FIQ), it is still safe to retire the MMIO instruction in this case as (1) they are by definition asynchronous, and (2) KVM relies on hardware support for pending/delivering these exceptions instead of the software state machine for advancing PC. CVE-2024-53196 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53196.html CVE-2024-53196 https://bugzilla.suse.com/1234906 SUSE Bug 1234906 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration. CVE-2024-53197 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53197.html CVE-2024-53197 https://bugzilla.suse.com/1235464 SUSE Bug 1235464 In the Linux kernel, the following vulnerability has been resolved: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() This patch fixes an issue in the function xenbus_dev_probe(). In the xenbus_dev_probe() function, within the if (err) branch at line 313, the program incorrectly returns err directly without releasing the resources allocated by err = drv->probe(dev, id). As the return value is non-zero, the upper layers assume the processing logic has failed. However, the probe operation was performed earlier without a corresponding remove operation. Since the probe actually allocates resources, failing to perform the remove operation could lead to problems. To fix this issue, we followed the resource release logic of the xenbus_dev_remove() function by adding a new block fail_remove before the fail_put block. After entering the branch if (err) at line 313, the function will use a goto statement to jump to the fail_remove block, ensuring that the previously acquired resources are correctly released, thus preventing the reference count leak. This bug was identified by an experimental static analysis tool developed by our team. The tool specializes in analyzing reference count operations and detecting potential issues where resources are not properly managed. In this case, the tool flagged the missing release operation as a potential problem, which led to the development of this patch. CVE-2024-53198 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53198.html CVE-2024-53198 https://bugzilla.suse.com/1234923 SUSE Bug 1234923 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure `pipe_ctx->plane_state` is not null before accessing. This prevents a null pointer dereference. CVE-2024-53200 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53200.html CVE-2024-53200 https://bugzilla.suse.com/1234968 SUSE Bug 1234968 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe") partially fixed the null pointer dereference issue. However, in dcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and plane_state is accessed again through pipe_ctx. Multiple if statements directly call attributes of plane_state, leading to potential null pointer dereference issues. This patch adds necessary null checks to ensure stability. CVE-2024-53201 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53201.html CVE-2024-53201 https://bugzilla.suse.com/1234969 SUSE Bug 1234969 In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info() The alg instance should be released under the exception path, otherwise there may be resource leak here. To mitigate this, free the alg instance with crypto_free_shash when kmalloc fails. CVE-2024-53202 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53202.html CVE-2024-53202 https://bugzilla.suse.com/1234970 SUSE Bug 1234970 In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. CVE-2024-53203 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53203.html CVE-2024-53203 https://bugzilla.suse.com/1235001 SUSE Bug 1235001 In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put(). CVE-2024-53206 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53206.html CVE-2024-53206 https://bugzilla.suse.com/1234960 SUSE Bug 1234960 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000 Workqueue: hci0 hci_cmd_sync_work [bluetooth] Call Trace: <TASK> __schedule+0x374/0xaf0 schedule+0x3c/0xf0 schedule_preempt_disabled+0x1c/0x30 __mutex_lock.constprop.0+0x3ef/0x7a0 __mutex_lock_slowpath+0x13/0x20 mutex_lock+0x3c/0x50 mgmt_set_connectable_complete+0xa4/0x150 [bluetooth] ? kfree+0x211/0x2a0 hci_cmd_sync_dequeue+0xae/0x130 [bluetooth] ? __pfx_cmd_complete_rsp+0x10/0x10 [bluetooth] cmd_complete_rsp+0x26/0x80 [bluetooth] mgmt_pending_foreach+0x4d/0x70 [bluetooth] __mgmt_power_off+0x8d/0x180 [bluetooth] ? _raw_spin_unlock_irq+0x23/0x40 hci_dev_close_sync+0x445/0x5b0 [bluetooth] hci_set_powered_sync+0x149/0x250 [bluetooth] set_powered_sync+0x24/0x60 [bluetooth] hci_cmd_sync_work+0x90/0x150 [bluetooth] process_one_work+0x13e/0x300 worker_thread+0x2f7/0x420 ? __pfx_worker_thread+0x10/0x10 kthread+0x107/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x3d/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> CVE-2024-53207 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53207.html CVE-2024-53207 https://bugzilla.suse.com/1234907 SUSE Bug 1234907 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353 Read of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54 CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: hci0 hci_cmd_sync_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 q kasan_report+0x143/0x180 mm/kasan/report.c:601 set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:328 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd10 kernel/workqueue.c:3389 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 5247: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:370 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387 kasan_kmalloc include/linux/kasan.h:211 [inline] __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4193 kmalloc_noprof include/linux/slab.h:681 [inline] kzalloc_noprof include/linux/slab.h:807 [inline] mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269 mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296 set_powered+0x3cd/0x5e0 net/bluetooth/mgmt.c:1394 hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712 hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 sock_write_iter+0x2dd/0x400 net/socket.c:1160 new_sync_write fs/read_write.c:497 [inline] vfs_write+0xa72/0xc90 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 5246: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2256 [inline] slab_free mm/slub.c:4477 [inline] kfree+0x149/0x360 mm/slub.c:4598 settings_rsp+0x2bc/0x390 net/bluetooth/mgmt.c:1443 mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259 __mgmt_power_off+0x112/0x420 net/bluetooth/mgmt.c:9455 hci_dev_close_sync+0x665/0x11a0 net/bluetooth/hci_sync.c:5191 hci_dev_do_close net/bluetooth/hci_core.c:483 [inline] hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508 sock_do_ioctl+0x158/0x460 net/socket.c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83gv entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2024-53208 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53208.html CVE-2024-53208 https://bugzilla.suse.com/1234909 SUSE Bug 1234909 https://bugzilla.suse.com/1236244 SUSE Bug 1236244 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix receive ring space parameters when XDP is active The MTU setting at the time an XDP multi-buffer is attached determines whether the aggregation ring will be used and the rx_skb_func handler. This is done in bnxt_set_rx_skb_mode(). If the MTU is later changed, the aggregation ring setting may need to be changed and it may become out-of-sync with the settings initially done in bnxt_set_rx_skb_mode(). This may result in random memory corruption and crashes as the HW may DMA data larger than the allocated buffer size, such as: BUG: kernel NULL pointer dereference, address: 00000000000003c0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S OE 6.1.0-226bf9805506 #1 Hardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021 RIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en] Code: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f RSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202 RAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff RDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380 RBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf R10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980 R13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990 FS: 0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en] To address the issue, we now call bnxt_set_rx_skb_mode() within bnxt_change_mtu() to properly set the AGG rings configuration and update rx_skb_func based on the new MTU value. Additionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of bnxt_set_rx_skb_mode() to make sure it gets set or cleared based on the current MTU. CVE-2024-53209 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53209.html CVE-2024-53209 https://bugzilla.suse.com/1235002 SUSE Bug 1235002 In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount (skb->users) and iucv_sock_recvmsg() does not decrement skb refcount at exit. This results in skb memory leak in skb_queue_purge() and WARN_ON in iucv_sock_destruct() during socket close. To fix this decrease skb refcount by one if MSG_PEEK is set in order to prevent memory leak and WARN_ON. WARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv] CPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G W 6.10.0-rc7 #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Call Trace: [<001587c682c4aa98>] iucv_sock_destruct+0x148/0x1a0 [af_iucv] [<001587c682c4a9d0>] iucv_sock_destruct+0x80/0x1a0 [af_iucv] [<001587c704117a32>] __sk_destruct+0x52/0x550 [<001587c704104a54>] __sock_release+0xa4/0x230 [<001587c704104c0c>] sock_close+0x2c/0x40 [<001587c702c5f5a8>] __fput+0x2e8/0x970 [<001587c7024148c4>] task_work_run+0x1c4/0x2c0 [<001587c7023b0716>] do_exit+0x996/0x1050 [<001587c7023b13aa>] do_group_exit+0x13a/0x360 [<001587c7023b1626>] __s390x_sys_exit_group+0x56/0x60 [<001587c7022bccca>] do_syscall+0x27a/0x380 [<001587c7049a6a0c>] __do_syscall+0x9c/0x160 [<001587c7049ce8a8>] system_call+0x70/0x98 Last Breaking-Event-Address: [<001587c682c4a9d4>] iucv_sock_destruct+0x84/0x1a0 [af_iucv] CVE-2024-53210 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53210.html CVE-2024-53210 https://bugzilla.suse.com/1234971 SUSE Bug 1234971 In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation In lan78xx_probe(), the buffer `buf` was being freed twice: once implicitly through `usb_free_urb(dev->urb_intr)` with the `URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused a double free issue. To resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to simplify the initialization sequence and removed the redundant `kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring it is correctly managed by `usb_fill_int_urb()` and freed by `usb_free_urb()` as intended. CVE-2024-53213 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53213.html CVE-2024-53213 https://bugzilla.suse.com/1234973 SUSE Bug 1234973 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability (i.e., capability with ID greater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally chosen to be hidden from the user. Hiding a capability is done by virtualizing and modifying the 'Next Capability Offset' field of the previous capability so it points to the capability after the one that should be hidden. The special case where the first capability in the list should be hidden is handled differently because there is no previous capability that can be modified. In this case, the capability ID and version are zeroed while leaving the next pointer intact. This hides the capability and leaves an anchor for the rest of the capability list. However, today, hiding the first capability in the list is not done properly if the capability is unknown, as struct vfio_pci_core_device->pci_config_map is set to the capability ID during initialization but the capability ID is not properly checked later when used in vfio_config_do_rw(). This leads to the following warning [1] and to an out-of-bounds access to ecap_perms array. Fix it by checking cap_id in vfio_config_do_rw(), and if it is greater than PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct read only access instead of the ecap_perms array. Note that this is safe since the above is the only case where cap_id can exceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which are already checked before). [1] WARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] CPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1 (snip) Call Trace: <TASK> ? show_regs+0x69/0x80 ? __warn+0x8d/0x140 ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] ? report_bug+0x18f/0x1a0 ? handle_bug+0x63/0xa0 ? exc_invalid_op+0x19/0x70 ? asm_exc_invalid_op+0x1b/0x20 ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] ? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core] vfio_pci_rw+0x101/0x1b0 [vfio_pci_core] vfio_pci_core_read+0x1d/0x30 [vfio_pci_core] vfio_device_fops_read+0x27/0x40 [vfio] vfs_read+0xbd/0x340 ? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio] ? __rseq_handle_notify_resume+0xa4/0x4b0 __x64_sys_pread64+0x96/0xc0 x64_sys_call+0x1c3d/0x20d0 do_syscall_64+0x4d/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2024-53214 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53214.html CVE-2024-53214 https://bugzilla.suse.com/1235004 SUSE Bug 1235004 https://bugzilla.suse.com/1235005 SUSE Bug 1235005 In the Linux kernel, the following vulnerability has been resolved: svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() There's issue as follows: RPC: Registered rdma transport module. RPC: Registered rdma backchannel transport module. RPC: Unregistered rdma transport module. RPC: Unregistered rdma backchannel transport module. BUG: unable to handle page fault for address: fffffbfff80c609a PGD 123fee067 P4D 123fee067 PUD 123fea067 PMD 10c624067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI RIP: 0010:percpu_counter_destroy_many+0xf7/0x2a0 Call Trace: <TASK> __die+0x1f/0x70 page_fault_oops+0x2cd/0x860 spurious_kernel_fault+0x36/0x450 do_kern_addr_fault+0xca/0x100 exc_page_fault+0x128/0x150 asm_exc_page_fault+0x26/0x30 percpu_counter_destroy_many+0xf7/0x2a0 mmdrop+0x209/0x350 finish_task_switch.isra.0+0x481/0x840 schedule_tail+0xe/0xd0 ret_from_fork+0x23/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> If register_sysctl() return NULL, then svc_rdma_proc_cleanup() will not destroy the percpu counters which init in svc_rdma_proc_init(). If CONFIG_HOTPLUG_CPU is enabled, residual nodes may be in the 'percpu_counters' list. The above issue may occur once the module is removed. If the CONFIG_HOTPLUG_CPU configuration is not enabled, memory leakage occurs. To solve above issue just destroy all percpu counters when register_sysctl() return NULL. CVE-2024-53215 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53215.html CVE-2024-53215 https://bugzilla.suse.com/1234962 SUSE Bug 1234962 In the Linux kernel, the following vulnerability has been resolved: nfsd: release svc_expkey/svc_export with rcu_work The last reference for `cache_head` can be reduced to zero in `c_show` and `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently, `svc_export_put` and `expkey_put` will be invoked, leading to two issues: 1. The `svc_export_put` will directly free ex_uuid. However, `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can trigger a use-after-free issue, shown below. ================================================================== BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd] Read of size 1 at addr ff11000010fdc120 by task cat/870 CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_address_description.constprop.0+0x2c/0x3a0 print_report+0xb9/0x280 kasan_report+0xae/0xe0 svc_export_show+0x362/0x430 [nfsd] c_show+0x161/0x390 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Allocated by task 830: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc_node_track_caller_noprof+0x1bc/0x400 kmemdup_noprof+0x22/0x50 svc_export_parse+0x8a9/0xb80 [nfsd] cache_do_downcall+0x71/0xa0 [sunrpc] cache_write_procfs+0x8e/0xd0 [sunrpc] proc_reg_write+0xe1/0x140 vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 868: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kfree+0xf3/0x3e0 svc_export_put+0x87/0xb0 [nfsd] cache_purge+0x17f/0x1f0 [sunrpc] nfsd_destroy_serv+0x226/0x2d0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e 2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`. However, `svc_export_put`/`expkey_put` will call path_put, which subsequently triggers a sleeping operation due to the following `dput`. ============================= WARNING: suspicious RCU usage 5.10.0-dirty #141 Not tainted ----------------------------- ... Call Trace: dump_stack+0x9a/0xd0 ___might_sleep+0x231/0x240 dput+0x39/0x600 path_put+0x1b/0x30 svc_export_put+0x17/0x80 e_show+0x1c9/0x200 seq_read_iter+0x63f/0x7c0 seq_read+0x226/0x2d0 vfs_read+0x113/0x2c0 ksys_read+0xc9/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Fix these issues by using `rcu_work` to help release `svc_expkey`/`svc_export`. This approach allows for an asynchronous context to invoke `path_put` and also facilitates the freeing of `uuid/exp/key` after an RCU grace period. CVE-2024-53216 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53216.html CVE-2024-53216 https://bugzilla.suse.com/1235003 SUSE Bug 1235003 In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault. CVE-2024-53217 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53217.html CVE-2024-53217 https://bugzilla.suse.com/1234999 SUSE Bug 1234999 In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show() LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __pi_strcmp+0x24/0x140 lr : zcomp_available_show+0x60/0x100 [zram] sp : ffff800088b93b90 x29: ffff800088b93b90 x28: 0000000000000001 x27: 0000000000400cc0 x26: 0000000000000ffe x25: ffff80007b3e2388 x24: 0000000000000000 x23: ffff80007b3e2390 x22: ffff0004041a9000 x21: ffff80007b3e2900 x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: ffff80007b3e2900 x9 : ffff80007b3cb280 x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000040 x4 : 0000000000000000 x3 : 00656c722d6f7a6c x2 : 0000000000000000 x1 : ffff80007b3e2900 x0 : 0000000000000000 Call trace: __pi_strcmp+0x24/0x140 comp_algorithm_show+0x40/0x70 [zram] dev_attr_show+0x28/0x80 sysfs_kf_seq_show+0x90/0x140 kernfs_seq_show+0x34/0x48 seq_read_iter+0x1d4/0x4e8 kernfs_fop_read_iter+0x40/0x58 new_sync_read+0x9c/0x168 vfs_read+0x1a8/0x1f8 ksys_read+0x74/0x108 __arm64_sys_read+0x24/0x38 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0x138 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 The zram->comp_algs[ZRAM_PRIMARY_COMP] can be NULL in zram_add() if comp_algorithm_set() has not been called. User can access the zram device by sysfs after device_add_disk(), so there is a time window to trigger the NULL pointer dereference. Move it ahead device_add_disk() to make sure when user can access the zram device, it is ready. comp_algorithm_set() is protected by zram->init_lock in other places and no such problem. CVE-2024-53222 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53222.html CVE-2024-53222 https://bugzilla.suse.com/1234974 SUSE Bug 1234974 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Move events notifier registration to be after device registration Move pkey change work initialization and cleanup from device resources stage to notifier stage, since this is the stage which handles this work events. Fix a race between the device deregistration and pkey change work by moving MLX5_IB_STAGE_DEVICE_NOTIFIER to be after MLX5_IB_STAGE_IB_REG in order to ensure that the notifier is deregistered before the device during cleanup. Which ensures there are no works that are being executed after the device has already unregistered which can cause the panic below. BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 630071 Comm: kworker/1:2 Kdump: loaded Tainted: G W OE --------- --- 5.14.0-162.6.1.el9_1.x86_64 #1 Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 02/27/2023 Workqueue: events pkey_change_handler [mlx5_ib] RIP: 0010:setup_qp+0x38/0x1f0 [mlx5_ib] Code: ee 41 54 45 31 e4 55 89 f5 53 48 89 fb 48 83 ec 20 8b 77 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 48 8b 07 48 8d 4c 24 16 <4c> 8b 38 49 8b 87 80 0b 00 00 4c 89 ff 48 8b 80 08 05 00 00 8b 40 RSP: 0018:ffffbcc54068be20 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff954054494128 RCX: ffffbcc54068be36 RDX: ffff954004934000 RSI: 0000000000000001 RDI: ffff954054494128 RBP: 0000000000000023 R08: ffff954001be2c20 R09: 0000000000000001 R10: ffff954001be2c20 R11: ffff9540260133c0 R12: 0000000000000000 R13: 0000000000000023 R14: 0000000000000000 R15: ffff9540ffcb0905 FS: 0000000000000000(0000) GS:ffff9540ffc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000010625c001 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mlx5_ib_gsi_pkey_change+0x20/0x40 [mlx5_ib] process_one_work+0x1e8/0x3c0 worker_thread+0x50/0x3b0 ? rescuer_thread+0x380/0x380 kthread+0x149/0x170 ? set_kthread_struct+0x50/0x50 ret_from_fork+0x22/0x30 Modules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) mlx5_fwctl(OE) fwctl(OE) ib_uverbs(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlx_compat(OE) psample mlxfw(OE) tls knem(OE) netconsole nfsv3 nfs_acl nfs lockd grace fscache netfs qrtr rfkill sunrpc intel_rapl_msr intel_rapl_common rapl hv_balloon hv_utils i2c_piix4 pcspkr joydev fuse ext4 mbcache jbd2 sr_mod sd_mod cdrom t10_pi sg ata_generic pci_hyperv pci_hyperv_intf hyperv_drm drm_shmem_helper drm_kms_helper hv_storvsc syscopyarea hv_netvsc sysfillrect sysimgblt hid_hyperv fb_sys_fops scsi_transport_fc hyperv_keyboard drm ata_piix crct10dif_pclmul crc32_pclmul crc32c_intel libata ghash_clmulni_intel hv_vmbus serio_raw [last unloaded: ib_core] CR2: 0000000000000000 ---[ end trace f6f8be4eae12f7bc ]--- CVE-2024-53224 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53224.html CVE-2024-53224 https://bugzilla.suse.com/1235009 SUSE Bug 1235009 In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: <TASK> dump_stack_lvl+0x95/0xe0 print_report+0xcb/0x620 kasan_report+0xbd/0xf0 __lock_acquire+0x2aca/0x3a20 lock_acquire+0x19b/0x520 _raw_spin_lock+0x2b/0x40 attribute_container_unregister+0x30/0x160 fc_release_transport+0x19/0x90 [scsi_transport_fc] bfad_im_module_exit+0x23/0x60 [bfa] bfad_init+0xdb/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> Allocated by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x7f/0x90 fc_attach_transport+0x4f/0x4740 [scsi_transport_fc] bfad_im_module_init+0x17/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x38/0x50 kfree+0x212/0x480 bfad_im_module_init+0x7e/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Above issue happens as follows: bfad_init error = bfad_im_module_init() fc_release_transport(bfad_im_scsi_transport_template); if (error) goto ext; ext: bfad_im_module_exit(); fc_release_transport(bfad_im_scsi_transport_template); --> Trigger double release Don't call bfad_im_module_exit() if bfad_im_module_init() failed. CVE-2024-53227 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53227.html CVE-2024-53227 https://bugzilla.suse.com/1235011 SUSE Bug 1235011 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear. [ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.617744] Modules linked in: rnbd_client(O) rtrs_client(O) rtrs_core(O) rdma_ucm rdma_cm iw_cm ib_cm crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel ib_uverbs ib_core loop brd null_blk ipv6 [ 920.618516] CPU: 1 PID: 21 Comm: ksoftirqd/1 Tainted: G O 6.1.113-storage+ #65 [ 920.618986] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 920.619396] RIP: 0010:rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.619658] Code: 0f b6 84 24 3a 02 00 00 41 89 84 24 44 04 00 00 e9 2a f7 ff ff 39 ca bb 03 00 00 00 b8 0e 00 00 00 48 0f 45 d8 e9 15 f7 ff ff <0f> 0b e9 cb f8 ff ff 41 bf f5 ff ff ff e9 08 f8 ff ff 49 8d bc 24 [ 920.620482] RSP: 0018:ffff97b7c00bbc38 EFLAGS: 00010246 [ 920.620817] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000008 [ 920.621183] RDX: ffff960dc396ebc0 RSI: 0000000000005400 RDI: ffff960dc4e2fbac [ 920.621548] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffffac406450 [ 920.621884] R10: ffffffffac4060c0 R11: 0000000000000001 R12: ffff960dc4e2f800 [ 920.622254] R13: ffff960dc4e2f928 R14: ffff97b7c029c580 R15: 0000000000000000 [ 920.622609] FS: 0000000000000000(0000) GS:ffff960ef7d00000(0000) knlGS:0000000000000000 [ 920.622979] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 920.623245] CR2: 00007fa056965e90 CR3: 00000001107f1000 CR4: 00000000000006e0 [ 920.623680] Call Trace: [ 920.623815] <TASK> [ 920.623933] ? __warn+0x79/0xc0 [ 920.624116] ? rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.624356] ? report_bug+0xfb/0x150 [ 920.624594] ? handle_bug+0x3c/0x60 [ 920.624796] ? exc_invalid_op+0x14/0x70 [ 920.624976] ? asm_exc_invalid_op+0x16/0x20 [ 920.625203] ? rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.625474] ? rxe_completer+0x329/0xcc0 [rdma_rxe] [ 920.625749] rxe_do_task+0x80/0x110 [rdma_rxe] [ 920.626037] rxe_requester+0x625/0xde0 [rdma_rxe] [ 920.626310] ? rxe_cq_post+0xe2/0x180 [rdma_rxe] [ 920.626583] ? do_complete+0x18d/0x220 [rdma_rxe] [ 920.626812] ? rxe_completer+0x1a3/0xcc0 [rdma_rxe] [ 920.627050] rxe_do_task+0x80/0x110 [rdma_rxe] [ 920.627285] tasklet_action_common.constprop.0+0xa4/0x120 [ 920.627522] handle_softirqs+0xc2/0x250 [ 920.627728] ? sort_range+0x20/0x20 [ 920.627942] run_ksoftirqd+0x1f/0x30 [ 920.628158] smpboot_thread_fn+0xc7/0x1b0 [ 920.628334] kthread+0xd6/0x100 [ 920.628504] ? kthread_complete_and_exit+0x20/0x20 [ 920.628709] ret_from_fork+0x1f/0x30 [ 920.628892] </TASK> CVE-2024-53229 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53229.html CVE-2024-53229 https://bugzilla.suse.com/1234905 SUSE Bug 1234905 In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference, so check NULL for cppc_get_cpu_cost(). CVE-2024-53230 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53230.html CVE-2024-53230 https://bugzilla.suse.com/1235976 SUSE Bug 1235976 In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference. CVE-2024-53231 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53231.html CVE-2024-53231 https://bugzilla.suse.com/1235977 SUSE Bug 1235977 In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug __iommu_group_set_domain_nofail() attaching the default domain fails when the platform no longer recognizes the device as it has already been removed and we end up with a NULL domain pointer and UAF. This is exactly the case referred to in the second comment in __iommu_device_set_domain() and just as stated there if we can instead attach the blocking domain the UAF is prevented as this can handle the already removed device. Implement the blocking domain to use this handling. With this change, the crash is fixed but we still hit a warning attempting to change DMA ownership on a blocked device. CVE-2024-53232 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53232.html CVE-2024-53232 https://bugzilla.suse.com/1235050 SUSE Bug 1235050 In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8_load() error path utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbol_put(). If an unsupported version is requested, symbol_put() fails like this: kernel BUG at kernel/module/main.c:786! RIP: 0010:__symbol_put+0x93/0xb0 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x65/0x80 ? __symbol_put+0x93/0xb0 ? exc_invalid_op+0x51/0x70 ? __symbol_put+0x93/0xb0 ? asm_exc_invalid_op+0x1a/0x20 ? __pfx_cmp_name+0x10/0x10 ? __symbol_put+0x93/0xb0 ? __symbol_put+0x62/0xb0 utf8_load+0xf8/0x150 That happens because symbol_put() expects the unique string that identify the symbol, instead of a pointer to the loaded symbol. Fix that by using such string. CVE-2024-53233 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53233.html CVE-2024-53233 https://bugzilla.suse.com/1235046 SUSE Bug 1235046 In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta[1] lclusters gracefully syzbot reported a WARNING in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [inline] Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions. Previously, it would immediately bail out if delta[1]==0, which led to inadequate decompressed lengths (thus FIEMAP is impacted). Treat it as delta[1]=1 to work around these legacy mkfs versions. `lclusterbits > 14` is illegal for compact indexes, error out too. CVE-2024-53234 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53234.html CVE-2024-53234 https://bugzilla.suse.com/1235045 SUSE Bug 1235045 In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later found to have invalid options set for the TX metadata, the new skb is never freed. This can leak skbs until the send buffer is full which makes sending more packets impossible. Fix this by freeing the skb in the error path if we are currently dealing with the first frag, i.e., an skb allocated in this iteration of xsk_build_skb. CVE-2024-53236 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53236.html CVE-2024-53236 https://bugzilla.suse.com/1235000 SUSE Bug 1235000 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child() Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980 CPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x100/0x190 ? device_for_each_child+0x18f/0x1a0 print_report+0x13a/0x4cb ? __virt_addr_valid+0x5e/0x590 ? __phys_addr+0xc6/0x150 ? device_for_each_child+0x18f/0x1a0 kasan_report+0xda/0x110 ? device_for_each_child+0x18f/0x1a0 ? __pfx_dev_memalloc_noio+0x10/0x10 device_for_each_child+0x18f/0x1a0 ? __pfx_device_for_each_child+0x10/0x10 pm_runtime_set_memalloc_noio+0xf2/0x180 netdev_unregister_kobject+0x1ed/0x270 unregister_netdevice_many_notify+0x123c/0x1d80 ? __mutex_trylock_common+0xde/0x250 ? __pfx_unregister_netdevice_many_notify+0x10/0x10 ? trace_contention_end+0xe6/0x140 ? __mutex_lock+0x4e7/0x8f0 ? __pfx_lock_acquire.part.0+0x10/0x10 ? rcu_is_watching+0x12/0xc0 ? unregister_netdev+0x12/0x30 unregister_netdevice_queue+0x30d/0x3f0 ? __pfx_unregister_netdevice_queue+0x10/0x10 ? __pfx_down_write+0x10/0x10 unregister_netdev+0x1c/0x30 bnep_session+0x1fb3/0x2ab0 ? __pfx_bnep_session+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? __pfx_woken_wake_function+0x10/0x10 ? __kthread_parkme+0x132/0x200 ? __pfx_bnep_session+0x10/0x10 ? kthread+0x13a/0x370 ? __pfx_bnep_session+0x10/0x10 kthread+0x2b7/0x370 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x48/0x80 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 4974: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 __kmalloc_noprof+0x1d1/0x440 hci_alloc_dev_priv+0x1d/0x2820 __vhci_create_device+0xef/0x7d0 vhci_write+0x2c7/0x480 vfs_write+0x6a0/0xfc0 ksys_write+0x12f/0x260 do_syscall_64+0xc7/0x250 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 4979: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x4f/0x70 kfree+0x141/0x490 hci_release_dev+0x4d9/0x600 bt_host_release+0x6a/0xb0 device_release+0xa4/0x240 kobject_put+0x1ec/0x5a0 put_device+0x1f/0x30 vhci_release+0x81/0xf0 __fput+0x3f6/0xb30 task_work_run+0x151/0x250 do_exit+0xa79/0x2c30 do_group_exit+0xd5/0x2a0 get_signal+0x1fcd/0x2210 arch_do_signal_or_restart+0x93/0x780 syscall_exit_to_user_mode+0x140/0x290 do_syscall_64+0xd4/0x250 entry_SYSCALL_64_after_hwframe+0x77/0x7f In 'hci_conn_del_sysfs()', 'device_unregister()' may be called when an underlying (kobject) reference counter is greater than 1. This means that reparenting (happened when the device is actually freed) is delayed and, during that delay, parent controller device (hciX) may be deleted. Since the latter may create a dangling pointer to freed parent, avoid that scenario by reparenting to NULL explicitly. CVE-2024-53237 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53237.html CVE-2024-53237 https://bugzilla.suse.com/1235007 SUSE Bug 1235007 https://bugzilla.suse.com/1235008 SUSE Bug 1235008 In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback. CVE-2024-53239 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53239.html CVE-2024-53239 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1235054 SUSE Bug 1235054 https://bugzilla.suse.com/1235055 SUSE Bug 1235055 In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240. CVE-2024-53240 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53240.html CVE-2024-53240 https://bugzilla.suse.com/1234281 SUSE Bug 1234281 In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241. CVE-2024-53241 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53241.html CVE-2024-53241 https://bugzilla.suse.com/1234282 SUSE Bug 1234282 In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead. CVE-2024-53685 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53685.html CVE-2024-53685 https://bugzilla.suse.com/1235720 SUSE Bug 1235720 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-53690 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-53690.html CVE-2024-53690 https://bugzilla.suse.com/1235842 SUSE Bug 1235842 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-54680 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-54680.html CVE-2024-54680 https://bugzilla.suse.com/1235723 SUSE Bug 1235723 In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is used at several driver locations. So passing this node to of_node_put() after the first use is wrong. Move of_node_put() for this node to exit paths. CVE-2024-55639 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-55639.html CVE-2024-55639 https://bugzilla.suse.com/1235737 SUSE Bug 1235737 https://bugzilla.suse.com/1235738 SUSE Bug 1235738 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit mode as the vCPU state needed to detect 64-bit mode is unavailable. Hacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE hypercall via VMGEXIT trips the WARN: ------------[ cut here ]------------ WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm] Modules linked in: kvm_amd kvm ... [last unloaded: kvm] CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470 Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024 RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm] Call Trace: <TASK> kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm] kvm_vcpu_ioctl+0x54f/0x630 [kvm] __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> ---[ end trace 0000000000000000 ]--- CVE-2024-55881 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-55881.html CVE-2024-55881 https://bugzilla.suse.com/1235745 SUSE Bug 1235745 In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP (or VSS) daemon starts before the VMBus channel's ringbuffer is fully initialized, we can hit the panic below: hv_utils: Registering HyperV Utility Driver hv_vmbus: registering driver hv_utils ... BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 44 UID: 0 PID: 2552 Comm: hv_kvp_daemon Tainted: G E 6.11.0-rc3+ #1 RIP: 0010:hv_pkt_iter_first+0x12/0xd0 Call Trace: ... vmbus_recvpacket hv_kvp_onchannelcallback vmbus_on_event tasklet_action_common tasklet_action handle_softirqs irq_exit_rcu sysvec_hyperv_stimer0 </IRQ> <TASK> asm_sysvec_hyperv_stimer0 ... kvp_register_done hvt_op_read vfs_read ksys_read __x64_sys_read This can happen because the KVP/VSS channel callback can be invoked even before the channel is fully opened: 1) as soon as hv_kvp_init() -> hvutil_transport_init() creates /dev/vmbus/hv_kvp, the kvp daemon can open the device file immediately and register itself to the driver by writing a message KVP_OP_REGISTER1 to the file (which is handled by kvp_on_msg() ->kvp_handle_handshake()) and reading the file for the driver's response, which is handled by hvt_op_read(), which calls hvt->on_read(), i.e. kvp_register_done(). 2) the problem with kvp_register_done() is that it can cause the channel callback to be called even before the channel is fully opened, and when the channel callback is starting to run, util_probe()-> vmbus_open() may have not initialized the ringbuffer yet, so the callback can hit the panic of NULL pointer dereference. To reproduce the panic consistently, we can add a "ssleep(10)" for KVP in __vmbus_open(), just before the first hv_ringbuffer_init(), and then we unload and reload the driver hv_utils, and run the daemon manually within the 10 seconds. Fix the panic by reordering the steps in util_probe() so the char dev entry used by the KVP or VSS daemon is not created until after vmbus_open() has completed. This reordering prevents the race condition from happening. CVE-2024-55916 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-55916.html CVE-2024-55916 https://bugzilla.suse.com/1235747 SUSE Bug 1235747 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56369 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56369.html CVE-2024-56369 https://bugzilla.suse.com/1235750 SUSE Bug 1235750 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56372 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56372.html CVE-2024-56372 https://bugzilla.suse.com/1235753 SUSE Bug 1235753 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56531 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56531.html CVE-2024-56531 https://bugzilla.suse.com/1235057 SUSE Bug 1235057 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56532 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56532.html CVE-2024-56532 https://bugzilla.suse.com/1235059 SUSE Bug 1235059 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56533 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56533.html CVE-2024-56533 https://bugzilla.suse.com/1235053 SUSE Bug 1235053 In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis to cause a potential NULL dereference, fix this! CVE-2024-56536 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56536.html CVE-2024-56536 https://bugzilla.suse.com/1234911 SUSE Bug 1234911 In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_kms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace accesses to result in an error without further calls into this driver's internals. CVE-2024-56538 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56538.html CVE-2024-56538 https://bugzilla.suse.com/1235051 SUSE Bug 1235051 In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1) [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex] The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like: ssid_len = user_scan_in->ssid_list[i].ssid_len; [...] memcpy(wildcard_ssid_tlv->ssid, user_scan_in->ssid_list[i].ssid, ssid_len); There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed. CVE-2024-56539 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56539.html CVE-2024-56539 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1234963 SUSE Bug 1234963 https://bugzilla.suse.com/1234964 SUSE Bug 1234964 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core halts, dp cleanup is done for all the peers. While cleanup, rx_tid::ab is accessed which causes below stack trace for self peer. WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851 Call Trace: __warn+0x7b/0x1a0 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] report_bug+0x10b/0x200 handle_bug+0x3f/0x70 exc_invalid_op+0x13/0x60 asm_exc_invalid_op+0x16/0x20 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] ath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k] ath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k] ath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k] ath12k_core_halt+0x3b/0x100 [ath12k] ath12k_core_reset+0x494/0x4c0 [ath12k] sta object in peer will be updated when remote peer is created. Hence use peer::sta to detect the self peer and skip the cleanup. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 CVE-2024-56543 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56543.html CVE-2024-56543 https://bugzilla.suse.com/1235065 SUSE Bug 1235065 In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed, add the missing kfree() in the error handling path. CVE-2024-56546 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56546.html CVE-2024-56546 https://bugzilla.suse.com/1235070 SUSE Bug 1235070 In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size. Using a new min_io_size initally set to sb_min_blocksize works for the purposes of the original fix, since it will be set to the max between HFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the max between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not initialized. Tested by mounting an hfsplus filesystem with loop block sizes 512, 1024 and 4096. The produced KASAN report before the fix looks like this: [ 419.944641] ================================================================== [ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a [ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678 [ 419.947612] [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84 [ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 419.950035] Call Trace: [ 419.950384] <TASK> [ 419.950676] dump_stack_lvl+0x57/0x78 [ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.951830] print_report+0x14c/0x49e [ 419.952361] ? __virt_addr_valid+0x267/0x278 [ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d [ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.954231] kasan_report+0x89/0xb0 [ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.955367] hfsplus_read_wrapper+0x659/0xa0a [ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 [ 419.957214] ? _raw_spin_unlock+0x1a/0x2e [ 419.957772] hfsplus_fill_super+0x348/0x1590 [ 419.958355] ? hlock_class+0x4c/0x109 [ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.959499] ? __pfx_string+0x10/0x10 [ 419.960006] ? lock_acquire+0x3e2/0x454 [ 419.960532] ? bdev_name.constprop.0+0xce/0x243 [ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 [ 419.961799] ? pointer+0x3f0/0x62f [ 419.962277] ? __pfx_pointer+0x10/0x10 [ 419.962761] ? vsnprintf+0x6c4/0xfba [ 419.963178] ? __pfx_vsnprintf+0x10/0x10 [ 419.963621] ? setup_bdev_super+0x376/0x3b3 [ 419.964029] ? snprintf+0x9d/0xd2 [ 419.964344] ? __pfx_snprintf+0x10/0x10 [ 419.964675] ? lock_acquired+0x45c/0x5e9 [ 419.965016] ? set_blocksize+0x139/0x1c1 [ 419.965381] ? sb_set_blocksize+0x6d/0xae [ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.966179] mount_bdev+0x12f/0x1bf [ 419.966512] ? __pfx_mount_bdev+0x10/0x10 [ 419.966886] ? vfs_parse_fs_string+0xce/0x111 [ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 [ 419.968073] legacy_get_tree+0x104/0x178 [ 419.968414] vfs_get_tree+0x86/0x296 [ 419.968751] path_mount+0xba3/0xd0b [ 419.969157] ? __pfx_path_mount+0x10/0x10 [ 419.969594] ? kmem_cache_free+0x1e2/0x260 [ 419.970311] do_mount+0x99/0xe0 [ 419.970630] ? __pfx_do_mount+0x10/0x10 [ 419.971008] __do_sys_mount+0x199/0x1c9 [ 419.971397] do_syscall_64+0xd0/0x135 [ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 419.972233] RIP: 0033:0x7c3cb812972e [ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48 [ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e [ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: ---truncated--- CVE-2024-56548 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56548.html CVE-2024-56548 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1235073 SUSE Bug 1235073 https://bugzilla.suse.com/1235074 SUSE Bug 1235074 In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_cookie if (!file) return -ENOBUFS cachefiles_clean_up_object cachefiles_unmark_inode_in_use fput(object->file) object->file = NULL // file NULL pointer dereference! __cachefiles_write(..., file, ...) Fix this issue by add an additional reference count to the object->file before write/llseek, and decrement after it finished. CVE-2024-56549 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56549.html CVE-2024-56549 https://bugzilla.suse.com/1234912 SUSE Bug 1234912 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147 [ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1 [ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000016] Call Trace: [ +0.000008] <TASK> [ +0.000009] dump_stack_lvl+0x76/0xa0 [ +0.000017] print_report+0xce/0x5f0 [ +0.000017] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000019] ? srso_return_thunk+0x5/0x5f [ +0.000015] ? kasan_complete_mode_report_info+0x72/0x200 [ +0.000016] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000019] kasan_report+0xbe/0x110 [ +0.000015] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000023] __asan_report_load8_noabort+0x14/0x30 [ +0.000014] drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000020] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? __kasan_check_write+0x14/0x30 [ +0.000016] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched] [ +0.000020] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? __kasan_check_write+0x14/0x30 [ +0.000013] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? enable_work+0x124/0x220 [ +0.000015] ? __pfx_enable_work+0x10/0x10 [ +0.000013] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? free_large_kmalloc+0x85/0xf0 [ +0.000016] drm_sched_entity_destroy+0x18/0x30 [gpu_sched] [ +0.000020] amdgpu_vce_sw_fini+0x55/0x170 [amdgpu] [ +0.000735] ? __kasan_check_read+0x11/0x20 [ +0.000016] vce_v4_0_sw_fini+0x80/0x110 [amdgpu] [ +0.000726] amdgpu_device_fini_sw+0x331/0xfc0 [amdgpu] [ +0.000679] ? mutex_unlock+0x80/0xe0 [ +0.000017] ? __pfx_amdgpu_device_fini_sw+0x10/0x10 [amdgpu] [ +0.000662] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? __kasan_check_write+0x14/0x30 [ +0.000013] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? mutex_unlock+0x80/0xe0 [ +0.000016] amdgpu_driver_release_kms+0x16/0x80 [amdgpu] [ +0.000663] drm_minor_release+0xc9/0x140 [drm] [ +0.000081] drm_release+0x1fd/0x390 [drm] [ +0.000082] __fput+0x36c/0xad0 [ +0.000018] __fput_sync+0x3c/0x50 [ +0.000014] __x64_sys_close+0x7d/0xe0 [ +0.000014] x64_sys_call+0x1bc6/0x2680 [ +0.000014] do_syscall_64+0x70/0x130 [ +0.000014] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? irqentry_exit_to_user_mode+0x60/0x190 [ +0.000015] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? irqentry_exit+0x43/0x50 [ +0.000012] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? exc_page_fault+0x7c/0x110 [ +0.000015] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ +0.000014] RIP: 0033:0x7ffff7b14f67 [ +0.000013] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff [ +0.000026] RSP: 002b:00007fffffffe378 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ +0.000019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffff7b14f67 [ +0.000014] RDX: 0000000000000000 RSI: 00007ffff7f6f47a RDI: 0000000000000003 [ +0.000014] RBP: 00007fffffffe3a0 R08: 0000555555569890 R09: 0000000000000000 [ +0.000014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffffffe5c8 [ +0.000013] R13: 00005555555552a9 R14: 0000555555557d48 R15: 00007ffff7ffd040 [ +0.000020] </TASK> [ +0.000016] Allocated by task 383 on cpu 7 at 26.880319s: [ +0.000014] kasan_save_stack+0x28/0x60 [ +0.000008] kasan_save_track+0x18/0x70 [ +0.000007] kasan_save_alloc_info+0x38/0x60 [ +0.000007] __kasan_kmalloc+0xc1/0xd0 [ +0.000007] kmalloc_trace_noprof+0x180/0x380 [ +0.000007] drm_sched_init+0x411/0xec0 [gpu_sched] [ +0.000012] amdgpu_device_init+0x695f/0xa610 [amdgpu] [ +0.000658] amdgpu_driver_load_kms+0x1a/0x120 [amdgpu] [ +0.000662] amdgpu_pci_p ---truncated--- CVE-2024-56551 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56551.html CVE-2024-56551 https://bugzilla.suse.com/1235075 SUSE Bug 1235075 https://bugzilla.suse.com/1235102 SUSE Bug 1235102 In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). CVE-2024-56557 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56557.html CVE-2024-56557 https://bugzilla.suse.com/1235122 SUSE Bug 1235122 In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 819 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 ... Call Trace: <TASK> e_show+0x20b/0x230 [nfsd] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2024-56558 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56558.html CVE-2024-56558 https://bugzilla.suse.com/1235100 SUSE Bug 1235100 https://bugzilla.suse.com/1243648 SUSE Bug 1243648 In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...) ^^^^ free "dyn_addr" Fix copy/paste error "dyn_addr" by replacing it with "init_dyn_addr". CVE-2024-56562 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56562.html CVE-2024-56562 https://bugzilla.suse.com/1234930 SUSE Bug 1234930 In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> CVE-2024-56566 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56566.html CVE-2024-56566 https://bugzilla.suse.com/1235033 SUSE Bug 1235033 https://bugzilla.suse.com/1235034 SUSE Bug 1235034 In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero. CVE-2024-56567 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56567.html CVE-2024-56567 https://bugzilla.suse.com/1234916 SUSE Bug 1234916 In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. [will: Add comment] CVE-2024-56568 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56568.html CVE-2024-56568 https://bugzilla.suse.com/1235032 SUSE Bug 1235032 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f ("ftrace: Fix regression with module command in stack_trace_filter") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash. CVE-2024-56569 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56569.html CVE-2024-56569 https://bugzilla.suse.com/1235031 SUSE Bug 1235031 In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors in overlayfs when passed to the lowerstack. CVE-2024-56570 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56570.html CVE-2024-56570 https://bugzilla.suse.com/1235035 SUSE Bug 1235035 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-56571 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56571.html CVE-2024-56571 https://bugzilla.suse.com/1235037 SUSE Bug 1235037 In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate this, free the buffer when allegro_alloc_buffer fails. CVE-2024-56572 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56572.html CVE-2024-56572 https://bugzilla.suse.com/1235043 SUSE Bug 1235043 In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool(). CVE-2024-56573 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56573.html CVE-2024-56573 https://bugzilla.suse.com/1235042 SUSE Bug 1235042 In the Linux kernel, the following vulnerability has been resolved: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN reported a null-ptr-deref issue when executing the following command: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd Not tainted 6.12.0-rc2+ #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020] RSP: 0018:ffffc9000abbf598 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffffc0714809 RDX: 0000000000000002 RSI: ffff88811550be00 RDI: 0000000000000010 RBP: ffff888109868800 R08: 0000000000000001 R09: fffff52001577eb6 R10: 0000000000000000 R11: ffffc9000abbff50 R12: ffffffffc0714790 R13: 1ffff92001577eb8 R14: ffffffffc07190d0 R15: 0000000000000001 FS: 00007f95f13b98c0(0000) GS:ffff888149280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555d2634b000 CR3: 0000000152236000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ts2020_probe+0xad/0xe10 [ts2020] i2c_device_probe+0x421/0xb40 really_probe+0x266/0x850 ... The cause of the problem is that when using sysfs to dynamically register an i2c device, there is no platform data, but the probe process of ts2020 needs to use platform data, resulting in a null pointer being accessed. Solve this problem by adding checks to platform data. CVE-2024-56574 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56574.html CVE-2024-56574 https://bugzilla.suse.com/1235040 SUSE Bug 1235040 In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach() requires the caller to ensure proper synchronization of this function with power management callbacks. otherwise the detach may led to kernel panic, like below: [ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 [ 1457.116777] Mem abort info: [ 1457.119589] ESR = 0x0000000096000004 [ 1457.123358] EC = 0x25: DABT (current EL), IL = 32 bits [ 1457.128692] SET = 0, FnV = 0 [ 1457.131764] EA = 0, S1PTW = 0 [ 1457.134920] FSC = 0x04: level 0 translation fault [ 1457.139812] Data abort info: [ 1457.142707] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1457.148196] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1457.153256] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000 [ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000 [ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec] [ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66 [ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT) [ 1457.199236] Workqueue: pm pm_runtime_work [ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1457.210188] pc : genpd_runtime_suspend+0x20/0x290 [ 1457.214886] lr : __rpm_callback+0x48/0x1d8 [ 1457.218968] sp : ffff80008250bc50 [ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000 [ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240 [ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008 [ 1457.243642] x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff [ 1457.250766] x17: 5300326563697665 x16: 645f676e696c6f6f x15: 63343a6d726f6674 [ 1457.257890] x14: 0000000000000004 x13: 00000000000003a4 x12: 0000000000000002 [ 1457.265014] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff80008250bbb0 [ 1457.272138] x8 : ffff000092937200 x7 : ffff0003fdf6af80 x6 : 0000000000000000 [ 1457.279262] x5 : 00000000410fd050 x4 : 0000000000200000 x3 : 0000000000000000 [ 1457.286386] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00008590f000 [ 1457.293510] Call trace: [ 1457.295946] genpd_runtime_suspend+0x20/0x290 [ 1457.300296] __rpm_callback+0x48/0x1d8 [ 1457.304038] rpm_callback+0x6c/0x78 [ 1457.307515] rpm_suspend+0x10c/0x570 [ 1457.311077] pm_runtime_work+0xc4/0xc8 [ 1457.314813] process_one_work+0x138/0x248 [ 1457.318816] worker_thread+0x320/0x438 [ 1457.322552] kthread+0x110/0x114 [ 1457.325767] ret_from_fork+0x10/0x20 CVE-2024-56575 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56575.html CVE-2024-56575 https://bugzilla.suse.com/1235039 SUSE Bug 1235039 In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix crash in the probe error path when using polling If an error occurs in the probe() function, we should remove the polling timer that was alarmed earlier, otherwise the timer is called with arguments that are already freed, which results in a crash. ------------[ cut here ]------------ WARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268 Modules linked in: CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226 Hardware name: Diasom DS-RK3568-SOM-EVB (DT) pstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __run_timers+0x244/0x268 lr : __run_timers+0x1d4/0x268 sp : ffffff80eff2baf0 x29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00 x26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00 x23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000 x20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff x17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e x14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000 x11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009 x8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480 x5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240 x2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0 Call trace: __run_timers+0x244/0x268 timer_expire_remote+0x50/0x68 tmigr_handle_remote+0x388/0x39c run_timer_softirq+0x38/0x44 handle_softirqs+0x138/0x298 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x24/0x4c do_softirq_own_stack+0x1c/0x2c irq_exit_rcu+0x9c/0xcc el1_interrupt+0x48/0xc0 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x7c/0x80 default_idle_call+0x34/0x68 do_idle+0x23c/0x294 cpu_startup_entry+0x38/0x3c secondary_start_kernel+0x128/0x160 __secondary_switched+0xb8/0xbc ---[ end trace 0000000000000000 ]--- CVE-2024-56576 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56576.html CVE-2024-56576 https://bugzilla.suse.com/1235019 SUSE Bug 1235019 In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module The workqueue should be destroyed in mtk_jpeg_core.c since commit 09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwise the below calltrace can be easily triggered. [ 677.862514] Unable to handle kernel paging request at virtual address dfff800000000023 [ 677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] ... [ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: G O 6.8.12-mtk+gfa1a78e5d24b+ #17 ... [ 677.882838] pc : destroy_workqueue+0x3c/0x770 [ 677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.884314] sp : ffff80008ad974f0 [ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070 [ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690 [ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000 [ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0 [ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10 [ 677.889361] x14: 00000000f1f1f1f1 x13: 0000000000000000 x12: ffff7000115b2e4d [ 677.890285] x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9 : ffff80000aa43e90 [ 677.891208] x8 : 00008fffeea4d1b4 x7 : ffff80008ad97267 x6 : 0000000000000001 [ 677.892131] x5 : ffff80008ad97260 x4 : ffff7000115b2e4d x3 : 0000000000000000 [ 677.893054] x2 : 0000000000000023 x1 : dfff800000000000 x0 : 0000000000000118 [ 677.893977] Call trace: [ 677.894297] destroy_workqueue+0x3c/0x770 [ 677.894826] mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.895677] devm_action_release+0x50/0x90 [ 677.896211] release_nodes+0xe8/0x170 [ 677.896688] devres_release_all+0xf8/0x178 [ 677.897219] device_unbind_cleanup+0x24/0x170 [ 677.897785] device_release_driver_internal+0x35c/0x480 [ 677.898461] device_release_driver+0x20/0x38 ... [ 677.912665] ---[ end trace 0000000000000000 ]--- CVE-2024-56577 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56577.html CVE-2024-56577 https://bugzilla.suse.com/1235112 SUSE Bug 1235112 In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to oops. CVE-2024-56578 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56578.html CVE-2024-56578 https://bugzilla.suse.com/1235115 SUSE Bug 1235115 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free in btrfs_encoded_read_endio() Shinichiro reported the following use-after free that sometimes is happening in our CI system when running fstests' btrfs/284 on a TCMU runner device: BUG: KASAN: slab-use-after-free in lock_release+0x708/0x780 Read of size 8 at addr ffff888106a83f18 by task kworker/u80:6/219 CPU: 8 UID: 0 PID: 219 Comm: kworker/u80:6 Not tainted 6.12.0-rc6-kts+ #15 Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020 Workqueue: btrfs-endio btrfs_end_bio_work [btrfs] Call Trace: <TASK> dump_stack_lvl+0x6e/0xa0 ? lock_release+0x708/0x780 print_report+0x174/0x505 ? lock_release+0x708/0x780 ? __virt_addr_valid+0x224/0x410 ? lock_release+0x708/0x780 kasan_report+0xda/0x1b0 ? lock_release+0x708/0x780 ? __wake_up+0x44/0x60 lock_release+0x708/0x780 ? __pfx_lock_release+0x10/0x10 ? __pfx_do_raw_spin_lock+0x10/0x10 ? lock_is_held_type+0x9a/0x110 _raw_spin_unlock_irqrestore+0x1f/0x60 __wake_up+0x44/0x60 btrfs_encoded_read_endio+0x14b/0x190 [btrfs] btrfs_check_read_bio+0x8d9/0x1360 [btrfs] ? lock_release+0x1b0/0x780 ? trace_lock_acquire+0x12f/0x1a0 ? __pfx_btrfs_check_read_bio+0x10/0x10 [btrfs] ? process_one_work+0x7e3/0x1460 ? lock_acquire+0x31/0xc0 ? process_one_work+0x7e3/0x1460 process_one_work+0x85c/0x1460 ? __pfx_process_one_work+0x10/0x10 ? assign_work+0x16c/0x240 worker_thread+0x5e6/0xfc0 ? __pfx_worker_thread+0x10/0x10 kthread+0x2c3/0x3a0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 3661: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 btrfs_encoded_read_regular_fill_pages+0x16c/0x6d0 [btrfs] send_extent_data+0xf0f/0x24a0 [btrfs] process_extent+0x48a/0x1830 [btrfs] changed_cb+0x178b/0x2ea0 [btrfs] btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs] _btrfs_ioctl_send+0x117/0x330 [btrfs] btrfs_ioctl+0x184a/0x60a0 [btrfs] __x64_sys_ioctl+0x12e/0x1a0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 3661: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x70 __kasan_slab_free+0x4f/0x70 kfree+0x143/0x490 btrfs_encoded_read_regular_fill_pages+0x531/0x6d0 [btrfs] send_extent_data+0xf0f/0x24a0 [btrfs] process_extent+0x48a/0x1830 [btrfs] changed_cb+0x178b/0x2ea0 [btrfs] btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs] _btrfs_ioctl_send+0x117/0x330 [btrfs] btrfs_ioctl+0x184a/0x60a0 [btrfs] __x64_sys_ioctl+0x12e/0x1a0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e The buggy address belongs to the object at ffff888106a83f00 which belongs to the cache kmalloc-rnd-07-96 of size 96 The buggy address is located 24 bytes inside of freed 96-byte region [ffff888106a83f00, ffff888106a83f60) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888106a83800 pfn:0x106a83 flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) page_type: f5(slab) raw: 0017ffffc0000000 ffff888100053680 ffffea0004917200 0000000000000004 raw: ffff888106a83800 0000000080200019 00000001f5000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888106a83e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ffff888106a83e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc >ffff888106a83f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ^ ffff888106a83f80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ffff888106a84000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Further analyzing the trace and ---truncated--- CVE-2024-56582 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56582.html CVE-2024-56582 https://bugzilla.suse.com/1235128 SUSE Bug 1235128 https://bugzilla.suse.com/1235129 SUSE Bug 1235129 In the Linux kernel, the following vulnerability has been resolved: io_uring/tctx: work around xa_store() allocation error issue syzbot triggered the following WARN_ON: WARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51 which is the WARN_ON_ONCE(!xa_empty(&tctx->xa)); sanity check in __io_uring_free() when a io_uring_task is going through its final put. The syzbot test case includes injecting memory allocation failures, and it very much looks like xa_store() can fail one of its memory allocations and end up with ->head being non-NULL even though no entries exist in the xarray. Until this issue gets sorted out, work around it by attempting to iterate entries in our xarray, and WARN_ON_ONCE() if one is found. CVE-2024-56584 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56584.html CVE-2024-56584 https://bugzilla.suse.com/1235117 SUSE Bug 1235117 In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show() with led_cdev->led_access mutex There is NULL pointer issue observed if from Process A where hid device being added which results in adding a led_cdev addition and later a another call to access of led_cdev attribute from Process B can result in NULL pointer issue. Use mutex led_cdev->led_access to protect access to led->cdev and its attribute inside brightness_show() and max_brightness_show() and also update the comment for mutex that it should be used to protect the led class device fields. Process A Process B kthread+0x114 worker_thread+0x244 process_scheduled_works+0x248 uhid_device_add_worker+0x24 hid_add_device+0x120 device_add+0x268 bus_probe_device+0x94 device_initial_probe+0x14 __device_attach+0xfc bus_for_each_drv+0x10c __device_attach_driver+0x14c driver_probe_device+0x3c __driver_probe_device+0xa0 really_probe+0x190 hid_device_probe+0x130 ps_probe+0x990 ps_led_register+0x94 devm_led_classdev_register_ext+0x58 led_classdev_register_ext+0x1f8 device_create_with_groups+0x48 device_create_groups_vargs+0xc8 device_add+0x244 kobject_uevent+0x14 kobject_uevent_env[jt]+0x224 mutex_unlock[jt]+0xc4 __mutex_unlock_slowpath+0xd4 wake_up_q+0x70 try_to_wake_up[jt]+0x48c preempt_schedule_common+0x28 __schedule+0x628 __switch_to+0x174 el0t_64_sync+0x1a8/0x1ac el0t_64_sync_handler+0x68/0xbc el0_svc+0x38/0x68 do_el0_svc+0x1c/0x28 el0_svc_common+0x80/0xe0 invoke_syscall+0x58/0x114 __arm64_sys_read+0x1c/0x2c ksys_read+0x78/0xe8 vfs_read+0x1e0/0x2c8 kernfs_fop_read_iter+0x68/0x1b4 seq_read_iter+0x158/0x4ec kernfs_seq_show+0x44/0x54 sysfs_kf_seq_show+0xb4/0x130 dev_attr_show+0x38/0x74 brightness_show+0x20/0x4c dualshock4_led_get_brightness+0xc/0x74 [ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 [ 3313.874301][ T4013] Mem abort info: [ 3313.874303][ T4013] ESR = 0x0000000096000006 [ 3313.874305][ T4013] EC = 0x25: DABT (current EL), IL = 32 bits [ 3313.874307][ T4013] SET = 0, FnV = 0 [ 3313.874309][ T4013] EA = 0, S1PTW = 0 [ 3313.874311][ T4013] FSC = 0x06: level 2 translation fault [ 3313.874313][ T4013] Data abort info: [ 3313.874314][ T4013] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 [ 3313.874316][ T4013] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 3313.874318][ T4013] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 3313.874320][ T4013] user pgtable: 4k pages, 39-bit VAs, pgdp=00000008f2b0a000 .. [ 3313.874332][ T4013] Dumping ftrace buffer: [ 3313.874334][ T4013] (ftrace buffer empty) .. .. [ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader [ 3313.874648][ T4013] pc : dualshock4_led_get_brightness+0xc/0x74 [ 3313.874653][ T4013] lr : led_update_brightness+0x38/0x60 [ 3313.874656][ T4013] sp : ffffffc0b910bbd0 .. .. [ 3313.874685][ T4013] Call trace: [ 3313.874687][ T4013] dualshock4_led_get_brightness+0xc/0x74 [ 3313.874690][ T4013] brightness_show+0x20/0x4c [ 3313.874692][ T4013] dev_attr_show+0x38/0x74 [ 3313.874696][ T4013] sysfs_kf_seq_show+0xb4/0x130 [ 3313.874700][ T4013] kernfs_seq_show+0x44/0x54 [ 3313.874703][ T4013] seq_read_iter+0x158/0x4ec [ 3313.874705][ T4013] kernfs_fop_read_iter+0x68/0x1b4 [ 3313.874708][ T4013] vfs_read+0x1e0/0x2c8 [ 3313.874711][ T4013] ksys_read+0x78/0xe8 [ 3313.874714][ T4013] __arm64_sys_read+0x1c/0x2c [ 3313.874718][ T4013] invoke_syscall+0x58/0x114 [ 3313.874721][ T4013] el0_svc_common+0x80/0xe0 [ 3313.874724][ T4013] do_el0_svc+0x1c/0x28 [ 3313.874727][ T4013] el0_svc+0x38/0x68 [ 3313.874730][ T4013] el0t_64_sync_handler+0x68/0xbc [ 3313.874732][ T4013] el0t_64_sync+0x1a8/0x1ac CVE-2024-56587 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56587.html CVE-2024-56587 https://bugzilla.suse.com/1235125 SUSE Bug 1235125 In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Create all dump files during debugfs initialization For the current debugfs of hisi_sas, after user triggers dump, the driver allocate memory space to save the register information and create debugfs files to display the saved information. In this process, the debugfs files created after each dump. Therefore, when the dump is triggered while the driver is unbind, the following hang occurs: [67840.853907] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0 [67840.862947] Mem abort info: [67840.865855] ESR = 0x0000000096000004 [67840.869713] EC = 0x25: DABT (current EL), IL = 32 bits [67840.875125] SET = 0, FnV = 0 [67840.878291] EA = 0, S1PTW = 0 [67840.881545] FSC = 0x04: level 0 translation fault [67840.886528] Data abort info: [67840.889524] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [67840.895117] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [67840.900284] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [67840.905709] user pgtable: 4k pages, 48-bit VAs, pgdp=0000002803a1f000 [67840.912263] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000 [67840.919177] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [67840.996435] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [67841.003628] pc : down_write+0x30/0x98 [67841.007546] lr : start_creating.part.0+0x60/0x198 [67841.012495] sp : ffff8000b979ba20 [67841.016046] x29: ffff8000b979ba20 x28: 0000000000000010 x27: 0000000000024b40 [67841.023412] x26: 0000000000000012 x25: ffff20202b355ae8 x24: ffff20202b35a8c8 [67841.030779] x23: ffffa36877928208 x22: ffffa368b4972240 x21: ffff8000b979bb18 [67841.038147] x20: ffff00281dc1e3c0 x19: fffffffffffffffe x18: 0000000000000020 [67841.045515] x17: 0000000000000000 x16: ffffa368b128a530 x15: ffffffffffffffff [67841.052888] x14: ffff8000b979bc18 x13: ffffffffffffffff x12: ffff8000b979bb18 [67841.060263] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa368b1289b18 [67841.067640] x8 : 0000000000000012 x7 : 0000000000000000 x6 : 00000000000003a9 [67841.075014] x5 : 0000000000000000 x4 : ffff002818c5cb00 x3 : 0000000000000001 [67841.082388] x2 : 0000000000000000 x1 : ffff002818c5cb00 x0 : 00000000000000a0 [67841.089759] Call trace: [67841.092456] down_write+0x30/0x98 [67841.096017] start_creating.part.0+0x60/0x198 [67841.100613] debugfs_create_dir+0x48/0x1f8 [67841.104950] debugfs_create_files_v3_hw+0x88/0x348 [hisi_sas_v3_hw] [67841.111447] debugfs_snapshot_regs_v3_hw+0x708/0x798 [hisi_sas_v3_hw] [67841.118111] debugfs_trigger_dump_v3_hw_write+0x9c/0x120 [hisi_sas_v3_hw] [67841.125115] full_proxy_write+0x68/0xc8 [67841.129175] vfs_write+0xd8/0x3f0 [67841.132708] ksys_write+0x70/0x108 [67841.136317] __arm64_sys_write+0x24/0x38 [67841.140440] invoke_syscall+0x50/0x128 [67841.144385] el0_svc_common.constprop.0+0xc8/0xf0 [67841.149273] do_el0_svc+0x24/0x38 [67841.152773] el0_svc+0x38/0xd8 [67841.156009] el0t_64_sync_handler+0xc0/0xc8 [67841.160361] el0t_64_sync+0x1a4/0x1a8 [67841.164189] Code: b9000882 d2800002 d2800023 f9800011 (c85ffc05) [67841.170443] ---[ end trace 0000000000000000 ]--- To fix this issue, create all directories and files during debugfs initialization. In this way, the driver only needs to allocate memory space to save information each time the user triggers dumping. CVE-2024-56588 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56588.html CVE-2024-56588 https://bugzilla.suse.com/1235123 SUSE Bug 1235123 In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched() for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211] [ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 214.575224][ C240] pc : fput_many+0x8c/0xdc [ 214.579480][ C240] lr : fput+0x1c/0xf0 [ 214.583302][ C240] sp : ffff80002de2b900 [ 214.587298][ C240] x29: ffff80002de2b900 x28: ffff1082aa412000 [ 214.593291][ C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000 [ 214.599284][ C240] x25: ffff1062bbac5c40 x24: 0000000000001000 [ 214.605277][ C240] x23: 000000000000000a x22: 0000000000000001 [ 214.611270][ C240] x21: 0000000000001000 x20: 0000000000000000 [ 214.617262][ C240] x19: ffff3062a41ae580 x18: 0000000000010000 [ 214.623255][ C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0 [ 214.629248][ C240] x15: ffffffffffffffff x14: 0000000003ffffff [ 214.635241][ C240] x13: 000000000000ffff x12: 000000000000029c [ 214.641234][ C240] x11: 0000000000000006 x10: ffff80003a9f7fd0 [ 214.647226][ C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001 [ 214.653219][ C240] x7 : 0000000000000002 x6 : 0000000000000080 [ 214.659212][ C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554 [ 214.665205][ C240] x3 : 0000000000000002 x2 : 0000000000000020 [ 214.671198][ C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8 [ 214.677191][ C240] Call trace: [ 214.680320][ C240] fput_many+0x8c/0xdc [ 214.684230][ C240] fput+0x1c/0xf0 [ 214.687707][ C240] aio_complete_rw+0xd8/0x1fc [ 214.692225][ C240] blkdev_bio_end_io+0x98/0x140 [ 214.696917][ C240] bio_endio+0x160/0x1bc [ 214.701001][ C240] blk_update_request+0x1c8/0x3bc [ 214.705867][ C240] scsi_end_request+0x3c/0x1f0 [ 214.710471][ C240] scsi_io_completion+0x7c/0x1a0 [ 214.715249][ C240] scsi_finish_command+0x104/0x140 [ 214.720200][ C240] scsi_softirq_done+0x90/0x180 [ 214.724892][ C240] blk_mq_complete_request+0x5c/0x70 [ 214.730016][ C240] scsi_mq_done+0x48/0xac [ 214.734194][ C240] sas_scsi_task_done+0xbc/0x16c [libsas] [ 214.739758][ C240] slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw] [ 214.746185][ C240] cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw] [ 214.752179][ C240] irq_thread_fn+0x34/0xa4 [ 214.756435][ C240] irq_thread+0xc4/0x130 [ 214.760520][ C240] kthread+0x108/0x13c [ 214.764430][ C240] ret_from_fork+0x10/0x18 This is because in the hisi_sas driver, both the hardware interrupt handler and the interrupt thread are executed on the same CPU. In the performance test scenario, function irq_wait_for_interrupt() will always return 0 if lots of interrupts occurs and the CPU will be continuously consumed. As a result, the CPU cannot run the watchdog thread. When the watchdog time exceeds the specified time, call trace occurs. To fix it, add cond_resched() to execute the watchdog thread. CVE-2024-56589 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56589.html CVE-2024-56589 https://bugzilla.suse.com/1235241 SUSE Bug 1235241 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet This fixes not checking if skb really contains an ACL header otherwise the code may attempt to access some uninitilized/invalid memory past the valid skb->data. CVE-2024-56590 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56590.html CVE-2024-56590 https://bugzilla.suse.com/1235038 SUSE Bug 1235038 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sd_sgentry_align' value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue. The problem is the number of entries in the pre-allocated sgtable, it is nents = max(rxglom_size, txglom_size) + max(rxglom_size, txglom_size) >> 4 + 1. Given the default [rt]xglom_size=32 it's actually 35 which is too small. Worst case, the pkt queue can end up with 64 SKBs. This occurs when a new SKB is added for each original SKB if tailroom isn't enough to hold tail_pad. At least one sg entry is needed for each SKB. So, eventually the "skb_queue_walk loop" in brcmf_sdiod_sglist_rw may run out of sg entries. This makes sg_next return NULL and this causes the oops. The patch sets nents to max(rxglom_size, txglom_size) * 2 to be able handle the worst-case. Btw. this requires only 64-35=29 * 16 (or 20 if CONFIG_NEED_SG_DMA_LENGTH) = 464 additional bytes of memory. CVE-2024-56593 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56593.html CVE-2024-56593 https://bugzilla.suse.com/1235252 SUSE Bug 1235252 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of the AMDGPU sg length as following: WARNING: CPU: 6 PID: 1964 at kernel/dma/debug.c:1178 debug_dma_map_sg+0x2dc/0x370 [ 364.049444] Modules linked in: veth amdgpu(OE) amdxcp drm_exec gpu_sched drm_buddy drm_ttm_helper ttm(OE) drm_suballoc_helper drm_display_helper drm_kms_helper i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc amd_atl intel_rapl_msr intel_rapl_common sunrpc sch_fq_codel snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd binfmt_misc snd_hda_codec snd_pci_acp6x snd_hda_core snd_acp_config snd_hwdep snd_soc_acpi kvm_amd snd_pcm kvm snd_seq_midi snd_seq_midi_event crct10dif_pclmul ghash_clmulni_intel sha512_ssse3 snd_rawmidi sha256_ssse3 sha1_ssse3 aesni_intel snd_seq nls_iso8859_1 crypto_simd snd_seq_device cryptd snd_timer rapl input_leds snd [ 364.049532] ipmi_devintf wmi_bmof ccp serio_raw k10temp sp5100_tco soundcore ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport drm efi_pstore ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii [ 364.049576] CPU: 6 PID: 1964 Comm: rocminfo Tainted: G OE 6.10.0-custom #492 [ 364.049579] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021 [ 364.049582] RIP: 0010:debug_dma_map_sg+0x2dc/0x370 [ 364.049585] Code: 89 4d b8 e8 36 b1 86 00 8b 4d b8 48 8b 55 b0 44 8b 45 a8 4c 8b 4d a0 48 89 c6 48 c7 c7 00 4b 74 bc 4c 89 4d b8 e8 b4 73 f3 ff <0f> 0b 4c 8b 4d b8 8b 15 c8 2c b8 01 85 d2 0f 85 ee fd ff ff 8b 05 [ 364.049588] RSP: 0018:ffff9ca600b57ac0 EFLAGS: 00010286 [ 364.049590] RAX: 0000000000000000 RBX: ffff88b7c132b0c8 RCX: 0000000000000027 [ 364.049592] RDX: ffff88bb0f521688 RSI: 0000000000000001 RDI: ffff88bb0f521680 [ 364.049594] RBP: ffff9ca600b57b20 R08: 000000000000006f R09: ffff9ca600b57930 [ 364.049596] R10: ffff9ca600b57928 R11: ffffffffbcb46328 R12: 0000000000000000 [ 364.049597] R13: 0000000000000001 R14: ffff88b7c19c0700 R15: ffff88b7c9059800 [ 364.049599] FS: 00007fb2d3516e80(0000) GS:ffff88bb0f500000(0000) knlGS:0000000000000000 [ 364.049601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 364.049603] CR2: 000055610bd03598 CR3: 00000001049f6000 CR4: 0000000000350ef0 [ 364.049605] Call Trace: [ 364.049607] <TASK> [ 364.049609] ? show_regs+0x6d/0x80 [ 364.049614] ? __warn+0x8c/0x140 [ 364.049618] ? debug_dma_map_sg+0x2dc/0x370 [ 364.049621] ? report_bug+0x193/0x1a0 [ 364.049627] ? handle_bug+0x46/0x80 [ 364.049631] ? exc_invalid_op+0x1d/0x80 [ 364.049635] ? asm_exc_invalid_op+0x1f/0x30 [ 364.049642] ? debug_dma_map_sg+0x2dc/0x370 [ 364.049647] __dma_map_sg_attrs+0x90/0xe0 [ 364.049651] dma_map_sgtable+0x25/0x40 [ 364.049654] amdgpu_bo_move+0x59a/0x850 [amdgpu] [ 364.049935] ? srso_return_thunk+0x5/0x5f [ 364.049939] ? amdgpu_ttm_tt_populate+0x5d/0xc0 [amdgpu] [ 364.050095] ttm_bo_handle_move_mem+0xc3/0x180 [ttm] [ 364.050103] ttm_bo_validate+0xc1/0x160 [ttm] [ 364.050108] ? amdgpu_ttm_tt_get_user_pages+0xe5/0x1b0 [amdgpu] [ 364.050263] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0xa12/0xc90 [amdgpu] [ 364.050473] kfd_ioctl_alloc_memory_of_gpu+0x16b/0x3b0 [amdgpu] [ 364.050680] kfd_ioctl+0x3c2/0x530 [amdgpu] [ 364.050866] ? __pfx_kfd_ioctl_alloc_memory_of_gpu+0x10/0x10 [amdgpu] [ 364.05105 ---truncated--- CVE-2024-56594 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56594.html CVE-2024-56594 https://bugzilla.suse.com/1235413 SUSE Bug 1235413 In the Linux kernel, the following vulnerability has been resolved: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out. CVE-2024-56595 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56595.html CVE-2024-56595 https://bugzilla.suse.com/1235410 SUSE Bug 1235410 In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might contain some invalid values. Added a check to return error code in that case. CVE-2024-56596 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56596.html CVE-2024-56596 https://bugzilla.suse.com/1235458 SUSE Bug 1235458 In the Linux kernel, the following vulnerability has been resolved: jfs: fix shift-out-of-bounds in dbSplit When dmt_budmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself. CVE-2024-56597 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56597.html CVE-2024-56597 https://bugzilla.suse.com/1235222 SUSE Bug 1235222 In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case. CVE-2024-56598 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56598.html CVE-2024-56598 https://bugzilla.suse.com/1235220 SUSE Bug 1235220 https://bugzilla.suse.com/1235221 SUSE Bug 1235221 In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: avoid NULL pointer error during sdio remove When running 'rmmod ath10k', ath10k_sdio_remove() will free sdio workqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON is set to yes, kernel panic will happen: Call trace: destroy_workqueue+0x1c/0x258 ath10k_sdio_remove+0x84/0x94 sdio_bus_remove+0x50/0x16c device_release_driver_internal+0x188/0x25c device_driver_detach+0x20/0x2c This is because during 'rmmod ath10k', ath10k_sdio_remove() will call ath10k_core_destroy() before destroy_workqueue(). wiphy_dev_release() will finally be called in ath10k_core_destroy(). This function will free struct cfg80211_registered_device *rdev and all its members, including wiphy, dev and the pointer of sdio workqueue. Then the pointer of sdio workqueue will be set to NULL due to CONFIG_INIT_ON_FREE_DEFAULT_ON. After device release, destroy_workqueue() will use NULL pointer then the kernel panic happen. Call trace: ath10k_sdio_remove ->ath10k_core_unregister …… ->ath10k_core_stop ->ath10k_hif_stop ->ath10k_sdio_irq_disable ->ath10k_hif_power_down ->del_timer_sync(&ar_sdio->sleep_timer) ->ath10k_core_destroy ->ath10k_mac_destroy ->ieee80211_free_hw ->wiphy_free …… ->wiphy_dev_release ->destroy_workqueue Need to call destroy_workqueue() before ath10k_core_destroy(), free the work queue buffer first and then free pointer of work queue by ath10k_core_destroy(). This order matches the error path order in ath10k_sdio_probe(). No work will be queued on sdio workqueue between it is destroyed and ath10k_core_destroy() is called. Based on the call_stack above, the reason is: Only ath10k_sdio_sleep_timer_handler(), ath10k_sdio_hif_tx_sg() and ath10k_sdio_irq_disable() will queue work on sdio workqueue. Sleep timer will be deleted before ath10k_core_destroy() in ath10k_hif_power_down(). ath10k_sdio_irq_disable() only be called in ath10k_hif_stop(). ath10k_core_unregister() will call ath10k_hif_power_down() to stop hif bus, so ath10k_sdio_hif_tx_sg() won't be called anymore. Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00189 CVE-2024-56599 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56599.html CVE-2024-56599 https://bugzilla.suse.com/1235138 SUSE Bug 1235138 Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection. CVE-2024-5660 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-5660.html CVE-2024-5660 In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error. CVE-2024-56600 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56600.html CVE-2024-56600 https://bugzilla.suse.com/1235217 SUSE Bug 1235217 https://bugzilla.suse.com/1235218 SUSE Bug 1235218 In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error. CVE-2024-56601 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56601.html CVE-2024-56601 https://bugzilla.suse.com/1235230 SUSE Bug 1235230 https://bugzilla.suse.com/1235231 SUSE Bug 1235231 In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free. Clear the sk pointer in the sock object on error. CVE-2024-56602 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56602.html CVE-2024-56602 https://bugzilla.suse.com/1235521 SUSE Bug 1235521 https://bugzilla.suse.com/1235522 SUSE Bug 1235522 In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later. CVE-2024-56603 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56603.html CVE-2024-56603 https://bugzilla.suse.com/1235415 SUSE Bug 1235415 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free. Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc(). CVE-2024-56604 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56604.html CVE-2024-56604 https://bugzilla.suse.com/1235056 SUSE Bug 1235056 https://bugzilla.suse.com/1235058 SUSE Bug 1235058 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code. CVE-2024-56605 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56605.html CVE-2024-56605 https://bugzilla.suse.com/1234853 SUSE Bug 1234853 https://bugzilla.suse.com/1235061 SUSE Bug 1235061 https://bugzilla.suse.com/1235062 SUSE Bug 1235062 In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free. CVE-2024-56606 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56606.html CVE-2024-56606 https://bugzilla.suse.com/1235417 SUSE Bug 1235417 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() When I try to manually set bitrates: iw wlan0 set bitrates legacy-2.4 1 I get sleeping from invalid context error, see below. Fix that by switching to use recently introduced ieee80211_iterate_stations_mtx(). Do note that WCN6855 firmware is still crashing, I'm not sure if that firmware even supports bitrate WMI commands and should we consider disabling ath12k_mac_op_set_bitrate_mask() for WCN6855? But that's for another patch. BUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath12k/wmi.c:420 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2236, name: iw preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 3 locks held by iw/2236: #0: ffffffffabc6f1d8 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x40 #1: ffff888138410810 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x54d/0x800 [cfg80211] #2: ffffffffab2cfaa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_stations_atomic+0x2f/0x200 [mac80211] CPU: 3 UID: 0 PID: 2236 Comm: iw Not tainted 6.11.0-rc7-wt-ath+ #1772 Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 Call Trace: <TASK> dump_stack_lvl+0xa4/0xe0 dump_stack+0x10/0x20 __might_resched+0x363/0x5a0 ? __alloc_skb+0x165/0x340 __might_sleep+0xad/0x160 ath12k_wmi_cmd_send+0xb1/0x3d0 [ath12k] ? ath12k_wmi_init_wcn7850+0xa40/0xa40 [ath12k] ? __netdev_alloc_skb+0x45/0x7b0 ? __asan_memset+0x39/0x40 ? ath12k_wmi_alloc_skb+0xf0/0x150 [ath12k] ? reacquire_held_locks+0x4d0/0x4d0 ath12k_wmi_set_peer_param+0x340/0x5b0 [ath12k] ath12k_mac_disable_peer_fixed_rate+0xa3/0x110 [ath12k] ? ath12k_mac_vdev_stop+0x4f0/0x4f0 [ath12k] ieee80211_iterate_stations_atomic+0xd4/0x200 [mac80211] ath12k_mac_op_set_bitrate_mask+0x5d2/0x1080 [ath12k] ? ath12k_mac_vif_chan+0x320/0x320 [ath12k] drv_set_bitrate_mask+0x267/0x470 [mac80211] ieee80211_set_bitrate_mask+0x4cc/0x8a0 [mac80211] ? __this_cpu_preempt_check+0x13/0x20 nl80211_set_tx_bitrate_mask+0x2bc/0x530 [cfg80211] ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211] ? trace_contention_end+0xef/0x140 ? rtnl_unlock+0x9/0x10 ? nl80211_pre_doit+0x557/0x800 [cfg80211] genl_family_rcv_msg_doit+0x1f0/0x2e0 ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 ? ns_capable+0x57/0xd0 genl_family_rcv_msg+0x34c/0x600 ? genl_family_rcv_msg_dumpit+0x310/0x310 ? __lock_acquire+0xc62/0x1de0 ? he_set_mcs_mask.isra.0+0x8d0/0x8d0 [cfg80211] ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211] ? cfg80211_external_auth_request+0x690/0x690 [cfg80211] genl_rcv_msg+0xa0/0x130 netlink_rcv_skb+0x14c/0x400 ? genl_family_rcv_msg+0x600/0x600 ? netlink_ack+0xd70/0xd70 ? rwsem_optimistic_spin+0x4f0/0x4f0 ? genl_rcv+0x14/0x40 ? down_read_killable+0x580/0x580 ? netlink_deliver_tap+0x13e/0x350 ? __this_cpu_preempt_check+0x13/0x20 genl_rcv+0x23/0x40 netlink_unicast+0x45e/0x790 ? netlink_attachskb+0x7f0/0x7f0 netlink_sendmsg+0x7eb/0xdb0 ? netlink_unicast+0x790/0x790 ? __this_cpu_preempt_check+0x13/0x20 ? selinux_socket_sendmsg+0x31/0x40 ? netlink_unicast+0x790/0x790 __sock_sendmsg+0xc9/0x160 ____sys_sendmsg+0x620/0x990 ? kernel_sendmsg+0x30/0x30 ? __copy_msghdr+0x410/0x410 ? __kasan_check_read+0x11/0x20 ? mark_lock+0xe6/0x1470 ___sys_sendmsg+0xe9/0x170 ? copy_msghdr_from_user+0x120/0x120 ? __lock_acquire+0xc62/0x1de0 ? do_fault_around+0x2c6/0x4e0 ? do_user_addr_fault+0x8c1/0xde0 ? reacquire_held_locks+0x220/0x4d0 ? do_user_addr_fault+0x8c1/0xde0 ? __kasan_check_read+0x11/0x20 ? __fdget+0x4e/0x1d0 ? sockfd_lookup_light+0x1a/0x170 __sys_sendmsg+0xd2/0x180 ? __sys_sendmsg_sock+0x20/0x20 ? reacquire_held_locks+0x4d0/0x4d0 ? debug_smp_processor_id+0x17/0x20 __x64_sys_sendmsg+0x72/0xb0 ? lockdep_hardirqs_on+0x7d/0x100 x64_sys_call+0x894/0x9f0 do_syscall_64+0x64/0x130 entry_SYSCALL_64_after_ ---truncated--- CVE-2024-56607 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56607.html CVE-2024-56607 https://bugzilla.suse.com/1235423 SUSE Bug 1235423 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it. This fix adds a conditional check to ensure that the hpd_source index is within the valid range of the link_enc_hpd_regs array. If the index is out of bounds, the function now returns NULL to prevent undefined behavior. References: [ 65.920507] ------------[ cut here ]------------ [ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29 [ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]' [ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13 [ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020 [ 65.920527] Call Trace: [ 65.920529] <TASK> [ 65.920532] dump_stack_lvl+0x48/0x70 [ 65.920541] dump_stack+0x10/0x20 [ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0 [ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu] [ 65.921009] link_create+0x6d3/0xed0 [amdgpu] [ 65.921355] create_links+0x18a/0x4e0 [amdgpu] [ 65.921679] dc_create+0x360/0x720 [amdgpu] [ 65.921999] ? dmi_matches+0xa0/0x220 [ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu] [ 65.922342] ? console_unlock+0x77/0x120 [ 65.922348] ? dev_printk_emit+0x86/0xb0 [ 65.922354] dm_hw_init+0x15/0x40 [amdgpu] [ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu] [ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu] [ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu] [ 65.923087] local_pci_probe+0x4b/0xb0 [ 65.923087] pci_device_probe+0xc8/0x280 [ 65.923087] really_probe+0x187/0x300 [ 65.923087] __driver_probe_device+0x85/0x130 [ 65.923087] driver_probe_device+0x24/0x110 [ 65.923087] __driver_attach+0xac/0x1d0 [ 65.923087] ? __pfx___driver_attach+0x10/0x10 [ 65.923087] bus_for_each_dev+0x7d/0xd0 [ 65.923087] driver_attach+0x1e/0x30 [ 65.923087] bus_add_driver+0xf2/0x200 [ 65.923087] driver_register+0x64/0x130 [ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu] [ 65.923087] __pci_register_driver+0x61/0x70 [ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu] [ 65.923087] do_one_initcall+0x49/0x310 [ 65.923087] ? kmalloc_trace+0x136/0x360 [ 65.923087] do_init_module+0x6a/0x270 [ 65.923087] load_module+0x1fce/0x23a0 [ 65.923087] init_module_from_file+0x9c/0xe0 [ 65.923087] ? init_module_from_file+0x9c/0xe0 [ 65.923087] idempotent_init_module+0x179/0x230 [ 65.923087] __x64_sys_finit_module+0x5d/0xa0 [ 65.923087] do_syscall_64+0x76/0x120 [ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 65.923087] RIP: 0033:0x7f2d80f1e88d [ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48 [ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d [ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f [ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002 [ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480 [ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0 [ 65.923087] </TASK> [ 65.923927] ---[ end trace ]--- CVE-2024-56608 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56608.html CVE-2024-56608 https://bugzilla.suse.com/1235487 SUSE Bug 1235487 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by: rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have pending ack frames!" warning. Use ieee80211_purge_tx_queue() to correct this. Since ieee80211_purge_tx_queue() doesn't take locks, to prevent racing between TX work and purge TX queue, flush and destroy TX work in advance. wlan0: deauthenticating from aa:f5:fd:60:4c:a8 by local choice (Reason: 3=DEAUTH_LEAVING) ------------[ cut here ]------------ Have pending ack frames! WARNING: CPU: 3 PID: 9232 at net/mac80211/main.c:1691 ieee80211_free_ack_frame+0x5c/0x90 [mac80211] CPU: 3 PID: 9232 Comm: rmmod Tainted: G C 6.10.1-200.fc40.aarch64 #1 Hardware name: pine64 Pine64 PinePhone Braveheart (1.1)/Pine64 PinePhone Braveheart (1.1), BIOS 2024.01 01/01/2024 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ieee80211_free_ack_frame+0x5c/0x90 [mac80211] lr : ieee80211_free_ack_frame+0x5c/0x90 [mac80211] sp : ffff80008c1b37b0 x29: ffff80008c1b37b0 x28: ffff000003be8000 x27: 0000000000000000 x26: 0000000000000000 x25: ffff000003dc14b8 x24: ffff80008c1b37d0 x23: ffff000000ff9f80 x22: 0000000000000000 x21: 000000007fffffff x20: ffff80007c7e93d8 x19: ffff00006e66f400 x18: 0000000000000000 x17: ffff7ffffd2b3000 x16: ffff800083fc0000 x15: 0000000000000000 x14: 0000000000000000 x13: 2173656d61726620 x12: 6b636120676e6964 x11: 0000000000000000 x10: 000000000000005d x9 : ffff8000802af2b0 x8 : ffff80008c1b3430 x7 : 0000000000000001 x6 : 0000000000000001 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000003be8000 Call trace: ieee80211_free_ack_frame+0x5c/0x90 [mac80211] idr_for_each+0x74/0x110 ieee80211_free_hw+0x44/0xe8 [mac80211] rtw_sdio_remove+0x9c/0xc0 [rtw88_sdio] sdio_bus_remove+0x44/0x180 device_remove+0x54/0x90 device_release_driver_internal+0x1d4/0x238 driver_detach+0x54/0xc0 bus_remove_driver+0x78/0x108 driver_unregister+0x38/0x78 sdio_unregister_driver+0x2c/0x40 rtw_8723cs_driver_exit+0x18/0x1000 [rtw88_8723cs] __do_sys_delete_module.isra.0+0x190/0x338 __arm64_sys_delete_module+0x1c/0x30 invoke_syscall+0x74/0x100 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x3c/0x158 el0t_64_sync_handler+0x120/0x138 el0t_64_sync+0x194/0x198 ---[ end trace 0000000000000000 ]--- CVE-2024-56609 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56609.html CVE-2024-56609 https://bugzilla.suse.com/1235389 SUSE Bug 1235389 In the Linux kernel, the following vulnerability has been resolved: kcsan: Turn report_filterlist_lock into a raw_spinlock Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like: | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 | preempt_count: 10002, expected: 0 | RCU nest depth: 0, expected: 0 | no locks held by swapper/1/0. | irq event stamp: 156674 | hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240 | hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0 | softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60 | softirqs last disabled at (0): [<0000000000000000>] 0x0 | Preemption disabled at: | [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90 | CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014 | Call Trace: | <IRQ> | dump_stack_lvl+0x7e/0xc0 | dump_stack+0x1d/0x30 | __might_resched+0x1a2/0x270 | rt_spin_lock+0x68/0x170 | kcsan_skip_report_debugfs+0x43/0xe0 | print_report+0xb5/0x590 | kcsan_report_known_origin+0x1b1/0x1d0 | kcsan_setup_watchpoint+0x348/0x650 | __tsan_unaligned_write1+0x16d/0x1d0 | hrtimer_interrupt+0x3d6/0x430 | __sysvec_apic_timer_interrupt+0xe8/0x3a0 | sysvec_apic_timer_interrupt+0x97/0xc0 | </IRQ> On a detected data race, KCSAN's reporting logic checks if it should filter the report. That list is protected by the report_filterlist_lock *non-raw* spinlock which may sleep on RT kernels. Since KCSAN may report data races in any context, convert it to a raw_spinlock. This requires being careful about when to allocate memory for the filter list itself which can be done via KCSAN's debugfs interface. Concurrent modification of the filter list via debugfs should be rare: the chosen strategy is to optimistically pre-allocate memory before the critical section and discard if unused. CVE-2024-56610 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56610.html CVE-2024-56610 https://bugzilla.suse.com/1235390 SUSE Bug 1235390 In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm@linux-foundation.org: add unlikely()] CVE-2024-56611 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56611.html CVE-2024-56611 https://bugzilla.suse.com/1235391 SUSE Bug 1235391 In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xsk_map_delete_elem function an unsigned integer (map->max_entries) is compared with a user-controlled signed integer (k). Due to implicit type conversion, a large unsigned value for map->max_entries can bypass the intended bounds check: if (k >= map->max_entries) return -EINVAL; This allows k to hold a negative value (between -2147483648 and -2), which is then used as an array index in m->xsk_map[k], which results in an out-of-bounds access. spin_lock_bh(&m->lock); map_entry = &m->xsk_map[k]; // Out-of-bounds map_entry old_xs = unrcu_pointer(xchg(map_entry, NULL)); // Oob write if (old_xs) xsk_map_sock_delete(old_xs, map_entry); spin_unlock_bh(&m->lock); The xchg operation can then be used to cause an out-of-bounds write. Moreover, the invalid map_entry passed to xsk_map_sock_delete can lead to further memory corruption. " It indeed results in following splat: [76612.897343] BUG: unable to handle page fault for address: ffffc8fc2e461108 [76612.904330] #PF: supervisor write access in kernel mode [76612.909639] #PF: error_code(0x0002) - not-present page [76612.914855] PGD 0 P4D 0 [76612.917431] Oops: Oops: 0002 [#1] PREEMPT SMP [76612.921859] CPU: 11 UID: 0 PID: 10318 Comm: a.out Not tainted 6.12.0-rc1+ #470 [76612.929189] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [76612.939781] RIP: 0010:xsk_map_delete_elem+0x2d/0x60 [76612.944738] Code: 00 00 41 54 55 53 48 63 2e 3b 6f 24 73 38 4c 8d a7 f8 00 00 00 48 89 fb 4c 89 e7 e8 2d bf 05 00 48 8d b4 eb 00 01 00 00 31 ff <48> 87 3e 48 85 ff 74 05 e8 16 ff ff ff 4c 89 e7 e8 3e bc 05 00 31 [76612.963774] RSP: 0018:ffffc9002e407df8 EFLAGS: 00010246 [76612.969079] RAX: 0000000000000000 RBX: ffffc9002e461000 RCX: 0000000000000000 [76612.976323] RDX: 0000000000000001 RSI: ffffc8fc2e461108 RDI: 0000000000000000 [76612.983569] RBP: ffffffff80000001 R08: 0000000000000000 R09: 0000000000000007 [76612.990812] R10: ffffc9002e407e18 R11: ffff888108a38858 R12: ffffc9002e4610f8 [76612.998060] R13: ffff888108a38858 R14: 00007ffd1ae0ac78 R15: ffffc9002e4610c0 [76613.005303] FS: 00007f80b6f59740(0000) GS:ffff8897e0ec0000(0000) knlGS:0000000000000000 [76613.013517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [76613.019349] CR2: ffffc8fc2e461108 CR3: 000000011e3ef001 CR4: 00000000007726f0 [76613.026595] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [76613.033841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [76613.041086] PKRU: 55555554 [76613.043842] Call Trace: [76613.046331] <TASK> [76613.048468] ? __die+0x20/0x60 [76613.051581] ? page_fault_oops+0x15a/0x450 [76613.055747] ? search_extable+0x22/0x30 [76613.059649] ? search_bpf_extables+0x5f/0x80 [76613.063988] ? exc_page_fault+0xa9/0x140 [76613.067975] ? asm_exc_page_fault+0x22/0x30 [76613.072229] ? xsk_map_delete_elem+0x2d/0x60 [76613.076573] ? xsk_map_delete_elem+0x23/0x60 [76613.080914] __sys_bpf+0x19b7/0x23c0 [76613.084555] __x64_sys_bpf+0x1a/0x20 [76613.088194] do_syscall_64+0x37/0xb0 [76613.091832] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [76613.096962] RIP: 0033:0x7f80b6d1e88d [76613.100592] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48 [76613.119631] RSP: 002b:00007ffd1ae0ac68 EFLAGS: 00000206 ORIG_RAX: 0000000000000141 [76613.131330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80b6d1e88d [76613.142632] RDX: 0000000000000098 RSI: 00007ffd1ae0ad20 RDI: 0000000000000003 [76613.153967] RBP: 00007ffd1ae0adc0 R08: 0000000000000000 R09: 0000000000000000 [76613.166030] R10: 00007f80b6f77040 R11: 0000000000000206 R12: 00007ffd1ae0aed8 [76613.177130] R13: 000055ddf42ce1e9 R14: 000055ddf42d0d98 R15: 00 ---truncated--- CVE-2024-56614 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56614.html CVE-2024-56614 https://bugzilla.suse.com/1235424 SUSE Bug 1235424 In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes. Fix is simple as changing the type from int to u32, however, when compared to XSKMAP case, one more thing needs to be addressed. When map is released from system via dev_map_free(), we iterate through all of the entries and an iterator variable is also an int, which implies OOB accesses. Again, change it to be u32. Example splat below: [ 160.724676] BUG: unable to handle page fault for address: ffffc8fc2c001000 [ 160.731662] #PF: supervisor read access in kernel mode [ 160.736876] #PF: error_code(0x0000) - not-present page [ 160.742095] PGD 0 P4D 0 [ 160.744678] Oops: Oops: 0000 [#1] PREEMPT SMP [ 160.749106] CPU: 1 UID: 0 PID: 520 Comm: kworker/u145:12 Not tainted 6.12.0-rc1+ #487 [ 160.757050] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [ 160.767642] Workqueue: events_unbound bpf_map_free_deferred [ 160.773308] RIP: 0010:dev_map_free+0x77/0x170 [ 160.777735] Code: 00 e8 fd 91 ed ff e8 b8 73 ed ff 41 83 7d 18 19 74 6e 41 8b 45 24 49 8b bd f8 00 00 00 31 db 85 c0 74 48 48 63 c3 48 8d 04 c7 <48> 8b 28 48 85 ed 74 30 48 8b 7d 18 48 85 ff 74 05 e8 b3 52 fa ff [ 160.796777] RSP: 0018:ffffc9000ee1fe38 EFLAGS: 00010202 [ 160.802086] RAX: ffffc8fc2c001000 RBX: 0000000080000000 RCX: 0000000000000024 [ 160.809331] RDX: 0000000000000000 RSI: 0000000000000024 RDI: ffffc9002c001000 [ 160.816576] RBP: 0000000000000000 R08: 0000000000000023 R09: 0000000000000001 [ 160.823823] R10: 0000000000000001 R11: 00000000000ee6b2 R12: dead000000000122 [ 160.831066] R13: ffff88810c928e00 R14: ffff8881002df405 R15: 0000000000000000 [ 160.838310] FS: 0000000000000000(0000) GS:ffff8897e0c40000(0000) knlGS:0000000000000000 [ 160.846528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.852357] CR2: ffffc8fc2c001000 CR3: 0000000005c32006 CR4: 00000000007726f0 [ 160.859604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 160.866847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 160.874092] PKRU: 55555554 [ 160.876847] Call Trace: [ 160.879338] <TASK> [ 160.881477] ? __die+0x20/0x60 [ 160.884586] ? page_fault_oops+0x15a/0x450 [ 160.888746] ? search_extable+0x22/0x30 [ 160.892647] ? search_bpf_extables+0x5f/0x80 [ 160.896988] ? exc_page_fault+0xa9/0x140 [ 160.900973] ? asm_exc_page_fault+0x22/0x30 [ 160.905232] ? dev_map_free+0x77/0x170 [ 160.909043] ? dev_map_free+0x58/0x170 [ 160.912857] bpf_map_free_deferred+0x51/0x90 [ 160.917196] process_one_work+0x142/0x370 [ 160.921272] worker_thread+0x29e/0x3b0 [ 160.925082] ? rescuer_thread+0x4b0/0x4b0 [ 160.929157] kthread+0xd4/0x110 [ 160.932355] ? kthread_park+0x80/0x80 [ 160.936079] ret_from_fork+0x2d/0x50 [ 160.943396] ? kthread_park+0x80/0x80 [ 160.950803] ret_from_fork_asm+0x11/0x20 [ 160.958482] </TASK> CVE-2024-56615 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56615.html CVE-2024-56615 https://bugzilla.suse.com/1235426 SUSE Bug 1235426 In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corruption in drm_dp_sideband_append_payload() and the following errors in dmesg: UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25 index -1 is out of range for type 'u8 [48]' Call Trace: drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper] memcpy: detected field-spanning write (size 18446744073709551615) of single field "&msg->msg[msg->curlen]" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256) Call Trace: drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper] CVE-2024-56616 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56616.html CVE-2024-56616 https://bugzilla.suse.com/1235427 SUSE Bug 1235427 In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate and build cacheinfo early during boot. Commit 6539cffa9495 ("cacheinfo: Add arch specific early level initializer") lets secondary CPUs correct (and reallocate memory) cacheinfo data if needed. If the early build functionality is not used and cacheinfo does not need correction, memory for cacheinfo is never allocated. x86 does not use the early build functionality. Consequently, during the cacheinfo CPU hotplug callback, last_level_cache_is_valid() attempts to dereference a NULL pointer: BUG: kernel NULL pointer dereference, address: 0000000000000100 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not present page PGD 0 P4D 0 Oops: 0000 [#1] PREEPMT SMP NOPTI CPU: 0 PID 19 Comm: cpuhp/0 Not tainted 6.4.0-rc2 #1 RIP: 0010: last_level_cache_is_valid+0x95/0xe0a Allocate memory for cacheinfo during the cacheinfo CPU hotplug callback if not done earlier. Moreover, before determining the validity of the last-level cache info, ensure that it has been allocated. Simply checking for non-zero cache_leaves() is not sufficient, as some architectures (e.g., Intel processors) have non-zero cache_leaves() before allocation. Dereferencing NULL cacheinfo can occur in update_per_cpu_data_slice_size(). This function iterates over all online CPUs. However, a CPU may have come online recently, but its cacheinfo may not have been allocated yet. While here, remove an unnecessary indentation in allocate_cache_info(). [ bp: Massage. ] CVE-2024-56617 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56617.html CVE-2024-56617 https://bugzilla.suse.com/1235429 SUSE Bug 1235429 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned. This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size. Fix this issue by changing the type of the local variable causing the bit loss from "unsigned int" to "u64". The return value of nilfs_last_byte() is also of type "unsigned int", but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required. CVE-2024-56619 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56619.html CVE-2024-56619 https://bugzilla.suse.com/1235224 SUSE Bug 1235224 https://bugzilla.suse.com/1235225 SUSE Bug 1235225 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194 CVE-2024-56620 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56620.html CVE-2024-56620 https://bugzilla.suse.com/1235227 SUSE Bug 1235227 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled. CVE-2024-56622 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56622.html CVE-2024-56622 https://bugzilla.suse.com/1235251 SUSE Bug 1235251 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal to terminate dpc_thread. Use the kthread_stop as the main signal to exit dpc_thread. [596663.812935] kernel BUG at mm/slub.c:294! [596663.812950] invalid opcode: 0000 [#1] SMP PTI [596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1 [596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012 [596663.812974] RIP: 0010:__slab_free+0x17d/0x360 ... [596663.813008] Call Trace: [596663.813022] ? __dentry_kill+0x121/0x170 [596663.813030] ? _cond_resched+0x15/0x30 [596663.813034] ? _cond_resched+0x15/0x30 [596663.813039] ? wait_for_completion+0x35/0x190 [596663.813048] ? try_to_wake_up+0x63/0x540 [596663.813055] free_task+0x5a/0x60 [596663.813061] kthread_stop+0xf3/0x100 [596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx] CVE-2024-56623 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56623.html CVE-2024-56623 https://bugzilla.suse.com/1235466 SUSE Bug 1235466 https://bugzilla.suse.com/1235468 SUSE Bug 1235468 In the Linux kernel, the following vulnerability has been resolved: can: dev: can_set_termination(): allow sleeping GPIOs In commit 6e86a1543c37 ("can: dev: provide optional GPIO based termination support") GPIO based termination support was added. For no particular reason that patch uses gpiod_set_value() to set the GPIO. This leads to the following warning, if the systems uses a sleeping GPIO, i.e. behind an I2C port expander: | WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c | CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c Replace gpiod_set_value() by gpiod_set_value_cansleep() to allow the use of sleeping GPIOs. CVE-2024-56625 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56625.html CVE-2024-56625 https://bugzilla.suse.com/1235223 SUSE Bug 1235223 In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes. This issue was found on EXCELSIOR DL37-D05 device with Loongson-LS3A6000-7A2000-DL37 motherboard. Kernel logs: [ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci [ 56.671638] usb 4-3: string descriptor 0 read error: -22 [ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07 [ 56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0 [ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80 [ 56.697732] Oops[#1]: [ 56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G OE 6.6.0-loong64-desktop #25.00.2000.015 [ 56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024 [ 56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0 [ 56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000 [ 56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000 [ 56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 0000000000000005 [ 56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000 [ 56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028 [ 56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000 [ 56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000 [ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom] [ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120 [ 56.697806] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 56.697816] PRMD: 0000000c (PPLV0 +PIE +PWE) [ 56.697821] EUEN: 00000000 (-FPE -SXE -ASXE -BTE) [ 56.697827] ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) [ 56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) [ 56.697835] BADV: 0000000000000000 [ 56.697836] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000) [ 56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit [ 56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3) [ 56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000 [ 56.697896] 0000000000000000 00000011fffffffd 0000000000000000 0000000000000000 [ 56.697901] 0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0 [ 56.697906] 90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c [ 56.697911] 90000001000ba000 ffff800004f9ce58 0000000000000000 ffff800005470440 [ 56.697916] ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0 [ 56.697921] 0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c [ 56.697926] ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000 [ 56.697931] 90000001000bb8d0 ---truncated--- CVE-2024-56629 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56629.html CVE-2024-56629 https://bugzilla.suse.com/1235473 SUSE Bug 1235473 In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2_get_init_inode() fails syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode() succeeded and dquot_initialize() failed. CVE-2024-56630 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56630.html CVE-2024-56630 https://bugzilla.suse.com/1235479 SUSE Bug 1235479 In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5838 __mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912 sg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407 In sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is called before releasing the open_rel_lock mutex. The kref_put() call may decrement the reference count of sfp to zero, triggering its cleanup through sg_remove_sfp(). This cleanup includes scheduling deferred work via sg_remove_sfp_usercontext(), which ultimately frees sfp. After kref_put(), sg_release() continues to unlock open_rel_lock and may reference sfp or sdp. If sfp has already been freed, this results in a slab-use-after-free error. Move the kref_put(&sfp->f_ref, sg_remove_sfp) call after unlocking the open_rel_lock mutex. This ensures: - No references to sfp or sdp occur after the reference count is decremented. - Cleanup functions such as sg_remove_sfp() and sg_remove_sfp_usercontext() can safely execute without impacting the mutex handling in sg_release(). The fix has been tested and validated by syzbot. This patch closes the bug reported at the following syzkaller link and ensures proper sequencing of resource cleanup and mutex operations, eliminating the risk of use-after-free errors in sg_release(). CVE-2024-56631 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56631.html CVE-2024-56631 https://bugzilla.suse.com/1235480 SUSE Bug 1235480 https://bugzilla.suse.com/1235482 SUSE Bug 1235482 In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix the memleak while create new ctrl failed Now while we create new ctrl failed, we have not free the tagset occupied by admin_q, here try to fix it. CVE-2024-56632 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56632.html CVE-2024-56632 https://bugzilla.suse.com/1235483 SUSE Bug 1235483 In the Linux kernel, the following vulnerability has been resolved: gpio: grgpio: Add NULL check in grgpio_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in grgpio_probe is not checked. Add NULL check in grgpio_probe, to handle kernel NULL pointer dereference error. CVE-2024-56634 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56634.html CVE-2024-56634 https://bugzilla.suse.com/1235486 SUSE Bug 1235486 In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __rtnl_unlock() from netdev_run_todo(), we can not assume the netns of each device is still alive. Make sure the device is not in NETREG_UNREGISTERED state, and add an ASSERT_RTNL() before the call to __dev_get_by_index(). We might move this ASSERT_RTNL() in __dev_get_by_index() in the future. [1] BUG: KASAN: slab-use-after-free in __dev_get_by_index+0x5d/0x110 net/core/dev.c:852 Read of size 8 at addr ffff888043eba1b0 by task syz.0.0/5339 CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __dev_get_by_index+0x5d/0x110 net/core/dev.c:852 default_operstate net/core/link_watch.c:51 [inline] rfc2863_policy+0x224/0x300 net/core/link_watch.c:67 linkwatch_do_dev+0x3e/0x170 net/core/link_watch.c:170 netdev_run_todo+0x461/0x1000 net/core/dev.c:10894 rtnl_unlock net/core/rtnetlink.c:152 [inline] rtnl_net_unlock include/linux/rtnetlink.h:133 [inline] rtnl_dellink+0x760/0x8d0 net/core/rtnetlink.c:3520 rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2541 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:726 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583 ___sys_sendmsg net/socket.c:2637 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2669 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2a3cb80809 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2a3d9cd058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f2a3cd45fa0 RCX: 00007f2a3cb80809 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008 RBP: 00007f2a3cbf393e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f2a3cd45fa0 R15: 00007ffd03bc65c8 </TASK> Allocated by task 5339: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314 kmalloc_noprof include/linux/slab.h:901 [inline] kmalloc_array_noprof include/linux/slab.h:945 [inline] netdev_create_hash net/core/dev.c:11870 [inline] netdev_init+0x10c/0x250 net/core/dev.c:11890 ops_init+0x31e/0x590 net/core/net_namespace.c:138 setup_net+0x287/0x9e0 net/core/net_namespace.c:362 copy_net_ns+0x33f/0x570 net/core/net_namespace.c:500 create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228 ksys_unshare+0x57d/0xa70 kernel/fork.c:3314 __do_sys_unshare kernel/fork.c:3385 [inline] __se_sys_unshare kernel/fork.c:3383 [inline] __x64_sys_unshare+0x38/0x40 kernel/fork.c:3383 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x8 ---truncated--- CVE-2024-56635 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56635.html CVE-2024-56635 https://bugzilla.suse.com/1235519 SUSE Bug 1235519 In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in geneve_xmit_skb() We should not assume mac header is set in output path. Use skb_eth_hdr() instead of eth_hdr() to fix the issue. sysbot reported the following : WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 skb_mac_header include/linux/skbuff.h:3052 [inline] WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 eth_hdr include/linux/if_ether.h:24 [inline] WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 geneve_xmit_skb drivers/net/geneve.c:898 [inline] WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 geneve_xmit+0x4c38/0x5730 drivers/net/geneve.c:1039 Modules linked in: CPU: 0 UID: 0 PID: 11635 Comm: syz.4.1423 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_mac_header include/linux/skbuff.h:3052 [inline] RIP: 0010:eth_hdr include/linux/if_ether.h:24 [inline] RIP: 0010:geneve_xmit_skb drivers/net/geneve.c:898 [inline] RIP: 0010:geneve_xmit+0x4c38/0x5730 drivers/net/geneve.c:1039 Code: 21 c6 02 e9 35 d4 ff ff e8 a5 48 4c fb 90 0f 0b 90 e9 fd f5 ff ff e8 97 48 4c fb 90 0f 0b 90 e9 d8 f5 ff ff e8 89 48 4c fb 90 <0f> 0b 90 e9 41 e4 ff ff e8 7b 48 4c fb 90 0f 0b 90 e9 cd e7 ff ff RSP: 0018:ffffc90003b2f870 EFLAGS: 00010283 RAX: 000000000000037a RBX: 000000000000ffff RCX: ffffc9000dc3d000 RDX: 0000000000080000 RSI: ffffffff86428417 RDI: 0000000000000003 RBP: ffffc90003b2f9f0 R08: 0000000000000003 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000002 R12: ffff88806603c000 R13: 0000000000000000 R14: ffff8880685b2780 R15: 0000000000000e23 FS: 00007fdc2deed6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b30a1dff8 CR3: 0000000056b8c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] __dev_direct_xmit+0x58a/0x720 net/core/dev.c:4490 dev_direct_xmit include/linux/netdevice.h:3181 [inline] packet_xmit+0x1e4/0x360 net/packet/af_packet.c:285 packet_snd net/packet/af_packet.c:3146 [inline] packet_sendmsg+0x2700/0x5660 net/packet/af_packet.c:3178 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x488/0x4f0 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2200 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2024-56636 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56636.html CVE-2024-56636 https://bugzilla.suse.com/1235520 SUSE Bug 1235520 In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be provoked by inserting an mdelay() right after the nfnl_unlock() call. CVE-2024-56637 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56637.html CVE-2024-56637 https://bugzilla.suse.com/1235523 SUSE Bug 1235523 In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0 Workqueue: events smc_lgr_terminate_work [smc] RIP: 0010:__flush_work+0x19e/0x1b0 Call Trace: ? __wake_up_common+0x7a/0x190 ? work_busy+0x80/0x80 __cancel_work_timer+0xe3/0x160 smc_close_cancel_work+0x1a/0x70 [smc] smc_close_active_abort+0x207/0x360 [smc] __smc_lgr_terminate.part.38+0xc8/0x180 [smc] process_one_work+0x19e/0x340 worker_thread+0x30/0x370 ? process_one_work+0x340/0x340 kthread+0x117/0x130 ? __kthread_cancel_work+0x50/0x50 ret_from_fork+0x22/0x30 This is because when smc_close_cancel_work is triggered, e.g. the RDMA driver is rmmod and the LGR is terminated, the conn->close_work is flushed before initialization, resulting in WARN_ON(!work->func). __smc_lgr_terminate | smc_connect_{rdma|ism} ------------------------------------------------------------- | smc_conn_create | \- smc_lgr_register_conn for conn in lgr->conns_all | \- smc_conn_kill | \- smc_close_active_abort | \- smc_close_cancel_work | \- cancel_work_sync | \- __flush_work | (close_work) | | smc_close_init | \- INIT_WORK(&close_work) So fix this by initializing close_work before establishing the connection. CVE-2024-56641 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56641.html CVE-2024-56641 https://bugzilla.suse.com/1235526 SUSE Bug 1235526 In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_disable() calls tipc_udp_disable(), cleanup of the UDP kernel socket is deferred by work calling cleanup_bearer(). tipc_exit_net() waits for such works to finish by checking tipc_net(net)->wq_count. However, the work decrements the count too early before releasing the kernel socket, unblocking cleanup_net() and resulting in use-after-free. Let's move the decrement after releasing the socket in cleanup_bearer(). [0]: ref_tracker: net notrefcnt@000000009b3d1faf has 1/1 users at sk_alloc+0x438/0x608 inet_create+0x4c8/0xcb0 __sock_create+0x350/0x6b8 sock_create_kern+0x58/0x78 udp_sock_create4+0x68/0x398 udp_sock_create+0x88/0xc8 tipc_udp_enable+0x5e8/0x848 __tipc_nl_bearer_enable+0x84c/0xed8 tipc_nl_bearer_enable+0x38/0x60 genl_family_rcv_msg_doit+0x170/0x248 genl_rcv_msg+0x400/0x5b0 netlink_rcv_skb+0x1dc/0x398 genl_rcv+0x44/0x68 netlink_unicast+0x678/0x8b0 netlink_sendmsg+0x5e4/0x898 ____sys_sendmsg+0x500/0x830 [1]: BUG: KMSAN: use-after-free in udp_hashslot include/net/udp.h:85 [inline] BUG: KMSAN: use-after-free in udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979 udp_hashslot include/net/udp.h:85 [inline] udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979 sk_common_release+0xaf/0x3f0 net/core/sock.c:3820 inet_release+0x1e0/0x260 net/ipv4/af_inet.c:437 inet6_release+0x6f/0xd0 net/ipv6/af_inet6.c:489 __sock_release net/socket.c:658 [inline] sock_release+0xa0/0x210 net/socket.c:686 cleanup_bearer+0x42d/0x4c0 net/tipc/udp_media.c:819 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310 worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391 kthread+0x531/0x6b0 kernel/kthread.c:389 ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 Uninit was created at: slab_free_hook mm/slub.c:2269 [inline] slab_free mm/slub.c:4580 [inline] kmem_cache_free+0x207/0xc40 mm/slub.c:4682 net_free net/core/net_namespace.c:454 [inline] cleanup_net+0x16f2/0x19d0 net/core/net_namespace.c:647 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310 worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391 kthread+0x531/0x6b0 kernel/kthread.c:389 ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.12.0-rc1-00131-gf66ebf37d69c #7 91723d6f74857f70725e1583cba3cf4adc716cfa Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 Workqueue: events cleanup_bearer CVE-2024-56642 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56642.html CVE-2024-56642 https://bugzilla.suse.com/1235433 SUSE Bug 1235433 https://bugzilla.suse.com/1235434 SUSE Bug 1235434 In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128 [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline] [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline] [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650 [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688 [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline] [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570 [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111 [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline] [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865 [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882 [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline] [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline] [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889 [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Clean up the allocated memory in case of dccp_feat_push_confirm() failure and bail out with an error reset code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2024-56643 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56643.html CVE-2024-56643 https://bugzilla.suse.com/1235132 SUSE Bug 1235132 In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must be fulfilled for the leak to occur: * an ICMPv6 packet indicating a change of the MTU for the path is received, resulting in an exception dst being created * a TCP connection that uses the exception dst for routing packets must start timing out so that TCP begins retransmissions * after the exception dst expires, the FIB6 garbage collector must not run before TCP executes ip6_negative_advice() for the expired exception dst When TCP executes ip6_negative_advice() for an exception dst that has expired and if no other socket holds a reference to the exception dst, the refcount of the exception dst is 2, which corresponds to the increment made by dst_init() and the increment made by the TCP socket for which the connection is timing out. The refcount made by the socket is never released. The refcount of the dst is decremented in sk_dst_reset() but that decrement is counteracted by a dst_hold() intentionally placed just before the sk_dst_reset() in ip6_negative_advice(). After ip6_negative_advice() has finished, there is no other object tied to the dst. The socket lost its reference stored in sk_dst_cache and the dst is no longer in the exception table. The exception dst becomes a leaked object. As a result of this dst leak, an unbalanced refcount is reported for the loopback device of a net namespace being destroyed under kernels that do not contain e5f80fcf869a ("ipv6: give an IPv6 dev to blackhole_netdev"): unregister_netdevice: waiting for lo to become free. Usage count = 2 Fix the dst leak by removing the dst_hold() in ip6_negative_advice(). The patch that introduced the dst_hold() in ip6_negative_advice() was 92f1655aa2b22 ("net: fix __dst_negative_advice() race"). But 92f1655aa2b22 merely refactored the code with regards to the dst refcount so the issue was present even before 92f1655aa2b22. The bug was introduced in 54c1a859efd9f ("ipv6: Don't drop cache route entry unless timer actually expired.") where the expired cached route is deleted and the sk_dst_cache member of the socket is set to NULL by calling dst_negative_advice() but the refcount belonging to the socket is left unbalanced. The IPv4 version - ipv4_negative_advice() - is not affected by this bug. When the TCP connection times out ipv4_negative_advice() merely resets the sk_dst_cache of the socket while decrementing the refcount of the exception dst. CVE-2024-56644 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56644.html CVE-2024-56644 https://bugzilla.suse.com/1235133 SUSE Bug 1235133 In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_session_new(): fix skb reference counting Since j1939_session_skb_queue() does an extra skb_get() for each new skb, do the same for the initial one in j1939_session_new() to avoid refcount underflow. [mkl: clean up commit message] CVE-2024-56645 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56645.html CVE-2024-56645 https://bugzilla.suse.com/1235134 SUSE Bug 1235134 https://bugzilla.suse.com/1235135 SUSE Bug 1235135 In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case. BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline] BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724 fill_frame_info net/hsr/hsr_forward.c:709 [inline] hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724 hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606 __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434 dev_queue_xmit include/linux/netdevice.h:3168 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3146 [inline] packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:726 __sys_sendto+0x594/0x750 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4091 [inline] slab_alloc_node mm/slub.c:4134 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1323 [inline] alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881 packet_alloc_skb net/packet/af_packet.c:2995 [inline] packet_snd net/packet/af_packet.c:3089 [inline] packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:726 __sys_sendto+0x594/0x750 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2024-56648 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56648.html CVE-2024-56648 https://bugzilla.suse.com/1235451 SUSE Bug 1235451 https://bugzilla.suse.com/1235452 SUSE Bug 1235452 In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs. However, only PF is able to configure preemptible TCs. Because only PF has related registers, while VF does not have these registers. So for VF, its hw->port pointer is NULL. Therefore, VF will access an invalid pointer when accessing a non-existent register, which will cause a crash issue. The simplified log is as follows. root@ls1028ardb:~# tc qdisc add dev eno0vf0 parent root handle 100: \ mqprio num_tc 4 map 0 0 1 1 2 2 3 3 queues 1@0 1@1 1@2 1@3 hw 1 [ 187.290775] Unable to handle kernel paging request at virtual address 0000000000001f00 [ 187.424831] pc : enetc_mm_commit_preemptible_tcs+0x1c4/0x400 [ 187.430518] lr : enetc_mm_commit_preemptible_tcs+0x30c/0x400 [ 187.511140] Call trace: [ 187.513588] enetc_mm_commit_preemptible_tcs+0x1c4/0x400 [ 187.518918] enetc_setup_tc_mqprio+0x180/0x214 [ 187.523374] enetc_vf_setup_tc+0x1c/0x30 [ 187.527306] mqprio_enable_offload+0x144/0x178 [ 187.531766] mqprio_init+0x3ec/0x668 [ 187.535351] qdisc_create+0x15c/0x488 [ 187.539023] tc_modify_qdisc+0x398/0x73c [ 187.542958] rtnetlink_rcv_msg+0x128/0x378 [ 187.547064] netlink_rcv_skb+0x60/0x130 [ 187.550910] rtnetlink_rcv+0x18/0x24 [ 187.554492] netlink_unicast+0x300/0x36c [ 187.558425] netlink_sendmsg+0x1a8/0x420 [ 187.606759] ---[ end trace 0000000000000000 ]--- In addition, some PFs also do not support configuring preemptible TCs, such as eno1 and eno3 on LS1028A. It won't crash like it does for VFs, but we should prevent these PFs from accessing these unimplemented registers. CVE-2024-56649 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56649.html CVE-2024-56649 https://bugzilla.suse.com/1235449 SUSE Bug 1235449 In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by task repro/5879 ... Call Trace: <TASK> dump_stack_lvl+0x241/0x360 ? __pfx_dump_stack_lvl+0x10/0x10 ? __pfx__printk+0x10/0x10 ? _printk+0xd5/0x120 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 print_report+0x169/0x550 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x45f/0x530 ? __phys_addr+0xba/0x170 ? strlen+0x58/0x70 kasan_report+0x143/0x180 ? strlen+0x58/0x70 strlen+0x58/0x70 kstrdup+0x20/0x80 led_tg_check+0x18b/0x3c0 xt_check_target+0x3bb/0xa40 ? __pfx_xt_check_target+0x10/0x10 ? stack_depot_save_flags+0x6e4/0x830 ? nft_target_init+0x174/0xc30 nft_target_init+0x82d/0xc30 ? __pfx_nft_target_init+0x10/0x10 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? rcu_is_watching+0x15/0xb0 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? __kmalloc_noprof+0x21a/0x400 nf_tables_newrule+0x1860/0x2980 ? __pfx_nf_tables_newrule+0x10/0x10 ? __nla_parse+0x40/0x60 nfnetlink_rcv+0x14e5/0x2ab0 ? __pfx_validate_chain+0x10/0x10 ? __pfx_nfnetlink_rcv+0x10/0x10 ? __lock_acquire+0x1384/0x2050 ? netlink_deliver_tap+0x2e/0x1b0 ? __pfx_lock_release+0x10/0x10 ? netlink_deliver_tap+0x2e/0x1b0 netlink_unicast+0x7f8/0x990 ? __pfx_netlink_unicast+0x10/0x10 ? __virt_addr_valid+0x183/0x530 ? __check_object_size+0x48e/0x900 netlink_sendmsg+0x8e4/0xcb0 ? __pfx_netlink_sendmsg+0x10/0x10 ? aa_sock_msg_perm+0x91/0x160 ? __pfx_netlink_sendmsg+0x10/0x10 __sock_sendmsg+0x223/0x270 ____sys_sendmsg+0x52a/0x7e0 ? __pfx_____sys_sendmsg+0x10/0x10 __sys_sendmsg+0x292/0x380 ? __pfx___sys_sendmsg+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? exc_page_fault+0x590/0x8c0 ? do_syscall_64+0xb6/0x230 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> Since an invalid (without '\0' byte at all) byte sequence may be passed from userspace, add an extra check to ensure that such a sequence is rejected as possible ID and so never passed to 'kstrdup()' and further. CVE-2024-56650 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56650.html CVE-2024-56650 https://bugzilla.suse.com/1235430 SUSE Bug 1235430 https://bugzilla.suse.com/1235431 SUSE Bug 1235431 In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting. CVE-2024-56651 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56651.html CVE-2024-56651 https://bugzilla.suse.com/1235528 SUSE Bug 1235528 https://bugzilla.suse.com/1236570 SUSE Bug 1236570 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treated as rcu_dereference: Note that the value returned by rcu_dereference() is valid only within the enclosing RCU read-side critical section [1]_. For example, the following is **not** legal:: rcu_read_lock(); p = rcu_dereference(head.next); rcu_read_unlock(); x = p->address; /* BUG!!! */ rcu_read_lock(); y = p->data; /* BUG!!! */ rcu_read_unlock(); CVE-2024-56654 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56654.html CVE-2024-56654 https://bugzilla.suse.com/1235532 SUSE Bug 1235532 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X (P7) chip's HW GRO/LRO interface is very similar to that of the previous generation (5750X or P5). However, the aggregation ID fields in the completion structures on P7 have been redefined from 16 bits to 12 bits. The freed up 4 bits are redefined for part of the metadata such as the VLAN ID. The aggregation ID mask was not modified when adding support for P7 chips. Including the extra 4 bits for the aggregation ID can potentially cause the driver to store or fetch the packet header of GRO/LRO packets in the wrong TPA buffer. It may hit the BUG() condition in __skb_pull() because the SKB contains no valid packet header: kernel BUG at include/linux/skbuff.h:2766! Oops: invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 4 UID: 0 PID: 0 Comm: swapper/4 Kdump: loaded Tainted: G OE 6.12.0-rc2+ #7 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: Dell Inc. PowerEdge R760/0VRV9X, BIOS 1.0.1 12/27/2022 RIP: 0010:eth_type_trans+0xda/0x140 Code: 80 00 00 00 eb c1 8b 47 70 2b 47 74 48 8b 97 d0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb a5 <0f> 0b b8 00 01 00 00 eb 9c 48 85 ff 74 eb 31 f6 b9 02 00 00 00 48 RSP: 0018:ff615003803fcc28 EFLAGS: 00010283 RAX: 00000000000022d2 RBX: 0000000000000003 RCX: ff2e8c25da334040 RDX: 0000000000000040 RSI: ff2e8c25c1ce8000 RDI: ff2e8c25869f9000 RBP: ff2e8c258c31c000 R08: ff2e8c25da334000 R09: 0000000000000001 R10: ff2e8c25da3342c0 R11: ff2e8c25c1ce89c0 R12: ff2e8c258e0990b0 R13: ff2e8c25bb120000 R14: ff2e8c25c1ce89c0 R15: ff2e8c25869f9000 FS: 0000000000000000(0000) GS:ff2e8c34be300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f05317e4c8 CR3: 000000108bac6006 CR4: 0000000000773ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? die+0x33/0x90 ? do_trap+0xd9/0x100 ? eth_type_trans+0xda/0x140 ? do_error_trap+0x65/0x80 ? eth_type_trans+0xda/0x140 ? exc_invalid_op+0x4e/0x70 ? eth_type_trans+0xda/0x140 ? asm_exc_invalid_op+0x16/0x20 ? eth_type_trans+0xda/0x140 bnxt_tpa_end+0x10b/0x6b0 [bnxt_en] ? bnxt_tpa_start+0x195/0x320 [bnxt_en] bnxt_rx_pkt+0x902/0xd90 [bnxt_en] ? __bnxt_tx_int.constprop.0+0x89/0x300 [bnxt_en] ? kmem_cache_free+0x343/0x440 ? __bnxt_tx_int.constprop.0+0x24f/0x300 [bnxt_en] __bnxt_poll_work+0x193/0x370 [bnxt_en] bnxt_poll_p5+0x9a/0x300 [bnxt_en] ? try_to_wake_up+0x209/0x670 __napi_poll+0x29/0x1b0 Fix it by redefining the aggregation ID mask for P5_PLUS chips to be 12 bits. This will work because the maximum aggregation ID is less than 4096 on all P5_PLUS chips. CVE-2024-56656 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56656.html CVE-2024-56656 https://bugzilla.suse.com/1235444 SUSE Bug 1235444 In the Linux kernel, the following vulnerability has been resolved: net: lapb: increase LAPB_HEADER_LEN It is unclear if net/lapb code is supposed to be ready for 8021q. We can at least avoid crashes like the following : skbuff: skb_under_panic: text:ffffffff8aabe1f6 len:24 put:20 head:ffff88802824a400 data:ffff88802824a3fe tail:0x16 end:0x140 dev:nr0.2 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 5508 Comm: dhcpcd Not tainted 6.12.0-rc7-syzkaller-00144-g66418447d27b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0d 8d 48 c7 c6 2e 9e 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 1a 6f 37 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc90002ddf638 EFLAGS: 00010282 RAX: 0000000000000086 RBX: dffffc0000000000 RCX: 7a24750e538ff600 RDX: 0000000000000000 RSI: 0000000000000201 RDI: 0000000000000000 RBP: ffff888034a86650 R08: ffffffff8174b13c R09: 1ffff920005bbe60 R10: dffffc0000000000 R11: fffff520005bbe61 R12: 0000000000000140 R13: ffff88802824a400 R14: ffff88802824a3fe R15: 0000000000000016 FS: 00007f2a5990d740(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000110c2631fd CR3: 0000000029504000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 nr_header+0x36/0x320 net/netrom/nr_dev.c:69 dev_hard_header include/linux/netdevice.h:3148 [inline] vlan_dev_hard_header+0x359/0x480 net/8021q/vlan_dev.c:83 dev_hard_header include/linux/netdevice.h:3148 [inline] lapbeth_data_transmit+0x1f6/0x2a0 drivers/net/wan/lapbether.c:257 lapb_data_transmit+0x91/0xb0 net/lapb/lapb_iface.c:447 lapb_transmit_buffer+0x168/0x1f0 net/lapb/lapb_out.c:149 lapb_establish_data_link+0x84/0xd0 lapb_device_event+0x4e0/0x670 notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93 __dev_notify_flags+0x207/0x400 dev_change_flags+0xf0/0x1a0 net/core/dev.c:8922 devinet_ioctl+0xa4e/0x1aa0 net/ipv4/devinet.c:1188 inet_ioctl+0x3d7/0x4f0 net/ipv4/af_inet.c:1003 sock_do_ioctl+0x158/0x460 net/socket.c:1227 sock_ioctl+0x626/0x8e0 net/socket.c:1346 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 CVE-2024-56659 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56659.html CVE-2024-56659 https://bugzilla.suse.com/1235439 SUSE Bug 1235439 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, prevent potential error pointer dereference The dr_domain_add_vport_cap() function generally returns NULL on error but sometimes we want it to return ERR_PTR(-EBUSY) so the caller can retry. The problem here is that "ret" can be either -EBUSY or -ENOMEM and if it's and -ENOMEM then the error pointer is propogated back and eventually dereferenced in dr_ste_v0_build_src_gvmi_qpn_tag(). CVE-2024-56660 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56660.html CVE-2024-56660 https://bugzilla.suse.com/1235437 SUSE Bug 1235437 In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL deref in cleanup_bearer() syzbot found [1] that after blamed commit, ub->ubsock->sk was NULL when attempting the atomic_dec() : atomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count); Fix this by caching the tipc_net pointer. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] CPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events cleanup_bearer RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline] RIP: 0010:sock_net include/net/sock.h:655 [inline] RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820 Code: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b RSP: 0018:ffffc9000410fb70 EFLAGS: 00010206 RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900 RBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20 R10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980 R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 CVE-2024-56661 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56661.html CVE-2024-56661 https://bugzilla.suse.com/1234931 SUSE Bug 1234931 In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/ core.c:416 [inline] BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459 The issue occurs in cmd_to_func when the call_pkg->nd_reserved2 array is accessed without verifying that call_pkg points to a buffer that is appropriately sized as a struct nd_cmd_pkg. This can lead to out-of-bounds access and undefined behavior if the buffer does not have sufficient space. To address this, a check was added in acpi_nfit_ctl() to ensure that buf is not NULL and that buf_len is less than sizeof(*call_pkg) before accessing it. This ensures safe access to the members of call_pkg, including the nd_reserved2 array. CVE-2024-56662 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56662.html CVE-2024-56662 https://bugzilla.suse.com/1235533 SUSE Bug 1235533 In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Since the netlink attribute range validation provides inclusive checking, the *max* of attribute NL80211_ATTR_MLO_LINK_ID should be IEEE80211_MLD_MAX_NUM_LINKS - 1 otherwise causing an off-by-one. One crash stack for demonstration: ================================================================== BUG: KASAN: wild-memory-access in ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939 Read of size 6 at addr 001102080000000c by task fuzzer.386/9508 CPU: 1 PID: 9508 Comm: syz.1.386 Not tainted 6.1.70 #2 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106 print_report+0xe0/0x750 mm/kasan/report.c:398 kasan_report+0x139/0x170 mm/kasan/report.c:495 kasan_check_range+0x287/0x290 mm/kasan/generic.c:189 memcpy+0x25/0x60 mm/kasan/shadow.c:65 ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939 rdev_tx_control_port net/wireless/rdev-ops.h:761 [inline] nl80211_tx_control_port+0x7b3/0xc40 net/wireless/nl80211.c:15453 genl_family_rcv_msg_doit+0x22e/0x320 net/netlink/genetlink.c:756 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline] genl_rcv_msg+0x539/0x740 net/netlink/genetlink.c:850 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline] netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:716 [inline] __sock_sendmsg net/socket.c:728 [inline] ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499 ___sys_sendmsg+0x21c/0x290 net/socket.c:2553 __sys_sendmsg net/socket.c:2582 [inline] __do_sys_sendmsg net/socket.c:2591 [inline] __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd Update the policy to ensure correct validation. CVE-2024-56663 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56663.html CVE-2024-56663 https://bugzilla.suse.com/1235454 SUSE Bug 1235454 In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: // set map[0] = s0 map_update_elem(map, 0, s0) // drop fd of s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // replace map[0] with s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(&stab->lock) osk = stab->sks[idx] sock_map_add_link(..., &stab->sks[idx]) sock_map_unref(osk, &stab->sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) if (refcount_dec_and_test(&psock)) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) unlock_sock(sk) __sock_map_delete spin_lock(&stab->lock) sk = *psk // s1 replaced s0; sk == s1 if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch sk = xchg(psk, NULL) if (sk) sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) release_sock(sk) Then close(map) enqueues bpf_map_free_deferred, which finally calls sock_map_free(). This results in some refcount_t warnings along with a KASAN splat [1]. Fix __sock_map_delete(), do not allow sock_map_unref() on elements that may have been replaced. [1]: BUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330 Write of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred Call Trace: <TASK> dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 kasan_check_range+0x10f/0x1e0 sock_map_free+0x10e/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1202: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 The bu ---truncated--- CVE-2024-56664 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56664.html CVE-2024-56664 https://bugzilla.suse.com/1235249 SUSE Bug 1235249 https://bugzilla.suse.com/1235250 SUSE Bug 1235250 In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Syzbot reported [1] crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf program to it - attached process forks -> chid creates inherited event the new child event shares the parent's bpf program and tp_event (hence prog_array) which is global for tracepoint - exit both process and its child -> release both events - first perf_event_detach_bpf_prog call will release tp_event->prog_array and second perf_event_detach_bpf_prog will crash, because tp_event->prog_array is NULL The fix makes sure the perf_event_detach_bpf_prog checks prog_array is valid before it tries to remove the bpf program from it. [1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad CVE-2024-56665 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56665.html CVE-2024-56665 https://bugzilla.suse.com/1235489 SUSE Bug 1235489 In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in capture_engine When the intel_context structure contains NULL, it raises a NULL pointer dereference error in drm_info(). (cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d) CVE-2024-56667 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56667.html CVE-2024-56667 https://bugzilla.suse.com/1235016 SUSE Bug 1235016 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function,The port->port_usb pointer will be set to NULL. E.g. Thread A Thread B gs_open() gadget_unbind_driver() gs_start_io() composite_disconnect() gs_start_rx() gserial_disconnect() ... ... spin_unlock(&port->port_lock) status = usb_ep_queue() spin_lock(&port->port_lock) spin_lock(&port->port_lock) port->port_usb = NULL gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock) Crash This causes thread A to access a null pointer (port->port_usb is null) when calling the gs_free_requests function, causing a crash. If port_usb is NULL, the release request will be skipped as it will be done by gserial_disconnect. So add a null pointer check to gs_start_io before attempting to access the value of the pointer port->port_usb. Call trace: gs_start_io+0x164/0x25c gs_open+0x108/0x13c tty_open+0x314/0x638 chrdev_open+0x1b8/0x258 do_dentry_open+0x2c4/0x700 vfs_open+0x2c/0x3c path_openat+0xa64/0xc60 do_filp_open+0xb8/0x164 do_sys_openat2+0x84/0xf0 __arm64_sys_openat+0x70/0x9c invoke_syscall+0x58/0x114 el0_svc_common+0x80/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x38/0x68 CVE-2024-56670 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56670.html CVE-2024-56670 https://bugzilla.suse.com/1235488 SUSE Bug 1235488 In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was calling that after blkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the following UAF: ================================================================== BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270 Read of size 8 at addr ffff8881057678c0 by task kworker/9:1/117 CPU: 9 UID: 0 PID: 117 Comm: kworker/9:1 Not tainted 6.13.0-rc1-work-00182-gb8f52214c61a-dirty #48 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 02/02/2022 Workqueue: cgwb_release cgwb_release_workfn Call Trace: <TASK> dump_stack_lvl+0x27/0x80 print_report+0x151/0x710 kasan_report+0xc0/0x100 blkcg_unpin_online+0x15a/0x270 cgwb_release_workfn+0x194/0x480 process_scheduled_works+0x71b/0xe20 worker_thread+0x82a/0xbd0 kthread+0x242/0x2c0 ret_from_fork+0x33/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> ... Freed by task 1944: kasan_save_track+0x2b/0x70 kasan_save_free_info+0x3c/0x50 __kasan_slab_free+0x33/0x50 kfree+0x10c/0x330 css_free_rwork_fn+0xe6/0xb30 process_scheduled_works+0x71b/0xe20 worker_thread+0x82a/0xbd0 kthread+0x242/0x2c0 ret_from_fork+0x33/0x70 ret_from_fork_asm+0x1a/0x30 Note that the UAF is not easy to trigger as the free path is indirected behind a couple RCU grace periods and a work item execution. I could only trigger it with artifical msleep() injected in blkcg_unpin_online(). Fix it by reading the parent pointer before destroying the blkcg's blkg's. CVE-2024-56672 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56672.html CVE-2024-56672 https://bugzilla.suse.com/1235534 SUSE Bug 1235534 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF programs are freed via normal RCU (see __bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal RCU grace period does not imply a tasks-trace-RCU grace period. Fix it by explicitly waiting for a tasks-trace-RCU grace period after removing the attachment of a bpf_prog to a perf_event. CVE-2024-56675 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56675.html CVE-2024-56675 https://bugzilla.suse.com/1235555 SUSE Bug 1235555 In the Linux kernel, the following vulnerability has been resolved: powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE, since pageblock_order is still zero and it gets initialized later during initmem_init() e.g. setup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order() One such use case where this causes issue is - early_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init() This causes CMA memory alignment check to be bypassed in cma_init_reserved_mem(). Then later cma_activate_area() can hit a VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory area was not pageblock_order aligned. Fix it by moving the fadump_cma_init() after initmem_init(), where other such cma reservations also gets called. <stack trace> ============== page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010 flags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA raw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) ------------[ cut here ]------------ kernel BUG at mm/page_alloc.c:778! Call Trace: __free_one_page+0x57c/0x7b0 (unreliable) free_pcppages_bulk+0x1a8/0x2c8 free_unref_page_commit+0x3d4/0x4e4 free_unref_page+0x458/0x6d0 init_cma_reserved_pageblock+0x114/0x198 cma_init_reserved_areas+0x270/0x3e0 do_one_initcall+0x80/0x2f8 kernel_init_freeable+0x33c/0x530 kernel_init+0x34/0x26c ret_from_kernel_user_thread+0x14/0x1c CVE-2024-56677 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56677.html CVE-2024-56677 https://bugzilla.suse.com/1235494 SUSE Bug 1235494 In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting copy_from_kernel_nofault() can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence objects which when read via copy_from_kernel_nofault() can cause page faults. Since *_nofault() functions define their own fixup table for handling fault, use that instead of asking kfence to handle such faults. Hence we search the exception tables for the nip which generated the fault. If there is an entry then we let the fixup table handler handle the page fault by returning an error from within ___do_page_fault(). This can be easily triggered if someone tries to do dd from /proc/kcore. eg. dd if=/proc/kcore of=/dev/null bs=1M Some example false negatives: =============================== BUG: KFENCE: invalid read in copy_from_kernel_nofault+0x9c/0x1a0 Invalid read at 0xc0000000fdff0000: copy_from_kernel_nofault+0x9c/0x1a0 0xc00000000665f950 read_kcore_iter+0x57c/0xa04 proc_reg_read_iter+0xe4/0x16c vfs_read+0x320/0x3ec ksys_read+0x90/0x154 system_call_exception+0x120/0x310 system_call_vectored_common+0x15c/0x2ec BUG: KFENCE: use-after-free read in copy_from_kernel_nofault+0x9c/0x1a0 Use-after-free read at 0xc0000000fe050000 (in kfence-#2): copy_from_kernel_nofault+0x9c/0x1a0 0xc00000000665f950 read_kcore_iter+0x57c/0xa04 proc_reg_read_iter+0xe4/0x16c vfs_read+0x320/0x3ec ksys_read+0x90/0x154 system_call_exception+0x120/0x310 system_call_vectored_common+0x15c/0x2ec CVE-2024-56678 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56678.html CVE-2024-56678 https://bugzilla.suse.com/1235495 SUSE Bug 1235495 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Add error pointer check after calling otx2_mbox_get_rsp(). CVE-2024-56679 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56679.html CVE-2024-56679 https://bugzilla.suse.com/1235498 SUSE Bug 1235498 In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will return -ENOMEM when allocation memory is error. CVE-2024-56681 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56681.html CVE-2024-56681 https://bugzilla.suse.com/1235557 SUSE Bug 1235557 In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Avoid hang with debug registers when suspended Trying to read /sys/kernel/debug/dri/1/hdmi1_regs when the hdmi is disconnected results in a fatal system hang. This is due to the pm suspend code disabling the dvp clock. That is just a gate of the 108MHz clock in DVP_HT_RPI_MISC_CONFIG, which results in accesses hanging AXI bus. Protect against this. CVE-2024-56683 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56683.html CVE-2024-56683 https://bugzilla.suse.com/1235497 SUSE Bug 1235497 In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request There is a possibility that a request's callback could be invoked from usb_ep_queue() (call trace below, supplemented with missing calls): req->complete from usb_gadget_giveback_request (drivers/usb/gadget/udc/core.c:999) usb_gadget_giveback_request from musb_g_giveback (drivers/usb/musb/musb_gadget.c:147) musb_g_giveback from rxstate (drivers/usb/musb/musb_gadget.c:784) rxstate from musb_ep_restart (drivers/usb/musb/musb_gadget.c:1169) musb_ep_restart from musb_ep_restart_resume_work (drivers/usb/musb/musb_gadget.c:1176) musb_ep_restart_resume_work from musb_queue_resume_work (drivers/usb/musb/musb_core.c:2279) musb_queue_resume_work from musb_gadget_queue (drivers/usb/musb/musb_gadget.c:1241) musb_gadget_queue from usb_ep_queue (drivers/usb/gadget/udc/core.c:300) According to the docstring of usb_ep_queue(), this should not happen: "Note that @req's ->complete() callback must never be called from within usb_ep_queue() as that can create deadlock situations." In fact, a hardware lockup might occur in the following sequence: 1. The gadget is initialized using musb_gadget_enable(). 2. Meanwhile, a packet arrives, and the RXPKTRDY flag is set, raising an interrupt. 3. If IRQs are enabled, the interrupt is handled, but musb_g_rx() finds an empty queue (next_request() returns NULL). The interrupt flag has already been cleared by the glue layer handler, but the RXPKTRDY flag remains set. 4. The first request is enqueued using usb_ep_queue(), leading to the call of req->complete(), as shown in the call trace above. 5. If the callback enables IRQs and another packet is waiting, step (3) repeats. The request queue is empty because usb_g_giveback() removes the request before invoking the callback. 6. The endpoint remains locked up, as the interrupt triggered by hardware setting the RXPKTRDY flag has been handled, but the flag itself remains set. For this scenario to occur, it is only necessary for IRQs to be enabled at some point during the complete callback. This happens with the USB Ethernet gadget, whose rx_complete() callback calls netif_rx(). If called in the task context, netif_rx() disables the bottom halves (BHs). When the BHs are re-enabled, IRQs are also enabled to allow soft IRQs to be processed. The gadget itself is initialized at module load (or at boot if built-in), but the first request is enqueued when the network interface is brought up, triggering rx_complete() in the task context via ioctl(). If a packet arrives while the interface is down, it can prevent the interface from receiving any further packets from the USB host. The situation is quite complicated with many parties involved. This particular issue can be resolved in several possible ways: 1. Ensure that callbacks never enable IRQs. This would be difficult to enforce, as discovering how netif_rx() interacts with interrupts was already quite challenging and u_ether is not the only function driver. Similar "bugs" could be hidden in other drivers as well. 2. Disable MUSB interrupts in musb_g_giveback() before calling the callback and re-enable them afterwars (by calling musb_{dis,en}able_interrupts(), for example). This would ensure that MUSB interrupts are not handled during the callback, even if IRQs are enabled. In fact, it would allow IRQs to be enabled when releasing the lock. However, this feels like an inelegant hack. 3. Modify the interrupt handler to clear the RXPKTRDY flag if the request queue is empty. While this approach also feels like a hack, it wastes CPU time by attempting to handle incoming packets when the software is not ready to process them. 4. Flush the Rx FIFO instead of calling rxstate() in musb_ep_restart(). This ensures that the hardware can receive packets when there is at least one request in the queue. Once I ---truncated--- CVE-2024-56687 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56687.html CVE-2024-56687 https://bugzilla.suse.com/1235537 SUSE Bug 1235537 In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL. CVE-2024-56688 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56688.html CVE-2024-56688 https://bugzilla.suse.com/1235538 SUSE Bug 1235538 In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations return -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns -EAGAIN, the unnecessary panic will occur when panic_on_warn set 1. Fix this issue by calling crypto layer directly without parallelization in that case. CVE-2024-56690 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56690.html CVE-2024-56690 https://bugzilla.suse.com/1235428 SUSE Bug 1235428 In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them. CVE-2024-56691 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56691.html CVE-2024-56691 https://bugzilla.suse.com/1235425 SUSE Bug 1235425 In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 PGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:__asan_load8+0x4c/0xa0 ... Call Trace: <TASK> blkdev_put_whole+0x41/0x70 bdev_release+0x1a3/0x250 blkdev_release+0x11/0x20 __fput+0x1d7/0x4a0 task_work_run+0xfc/0x180 syscall_exit_to_user_mode+0x1de/0x1f0 do_syscall_64+0x6b/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e loop_init() is calling loop_add() after __register_blkdev() succeeds and is ignoring disk_add() failure from loop_add(), for loop_add() failure is not fatal and successfully created disks are already visible to bdev_open(). brd_init() is currently calling brd_alloc() before __register_blkdev() succeeds and is releasing successfully created disks when brd_init() returns an error. This can cause UAF for the latter two case: case 1: T1: modprobe brd brd_init brd_alloc(0) // success add_disk disk_scan_partitions bdev_file_open_by_dev // alloc file fput // won't free until back to userspace brd_alloc(1) // failed since mem alloc error inject // error path for modprobe will release code segment // back to userspace __fput blkdev_release bdev_release blkdev_put_whole bdev->bd_disk->fops->release // fops is freed now, UAF! case 2: T1: T2: modprobe brd brd_init brd_alloc(0) // success open(/dev/ram0) brd_alloc(1) // fail // error path for modprobe close(/dev/ram0) ... /* UAF! */ bdev->bd_disk->fops->release Fix this problem by following what loop_init() does. Besides, reintroduce brd_devices_mutex to help serialize modifications to brd_list. CVE-2024-56693 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56693.html CVE-2024-56693 https://bugzilla.suse.com/1235418 SUSE Bug 1235418 https://bugzilla.suse.com/1235419 SUSE Bug 1235419 In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch CVE-2024-56694 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56694.html CVE-2024-56694 https://bugzilla.suse.com/1235412 SUSE Bug 1235412 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry. CVE-2024-56698 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56698.html CVE-2024-56698 https://bugzilla.suse.com/1235491 SUSE Bug 1235491 In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd() Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a scenario where, after passing the validity check within the function, a non-null fmdev->resp_skb variable is assigned a null value. This results in an invalid fmdev->resp_skb variable passing the validity check. As seen in the later part of the function, skb = fmdev->resp_skb; when the invalid fmdev->resp_skb passes the check, a null pointer dereference error may occur at line 478, evt_hdr = (void *)skb->data; To address this issue, it is recommended to include the validity check of fmdev->resp_skb within the locked section of the function. This modification ensures that the value of fmdev->resp_skb does not change during the validation process, thereby maintaining its validity. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. CVE-2024-56700 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56700.html CVE-2024-56700 https://bugzilla.suse.com/1235500 SUSE Bug 1235500 In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep: # echo 1 > /proc/powerpc/vcpudispatch_stats BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh preempt_count: 1, expected: 0 3 locks held by sh/199: #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438 #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4 #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4 CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152 Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries Call Trace: dump_stack_lvl+0x130/0x148 (unreliable) __might_resched+0x174/0x410 kmem_cache_alloc_noprof+0x340/0x3d0 alloc_dtl_buffers+0x124/0x1ac vcpudispatch_stats_write+0x2a8/0x5f4 proc_reg_write+0xf4/0x150 vfs_write+0xfc/0x438 ksys_write+0x88/0x148 system_call_exception+0x1c4/0x5a0 system_call_common+0xf4/0x258 CVE-2024-56701 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56701.html CVE-2024-56701 https://bugzilla.suse.com/1235496 SUSE Bug 1235496 In the Linux kernel, the following vulnerability has been resolved: 9p/xen: fix release of IRQ Kernel logs indicate an IRQ was double-freed. Pass correct device ID during IRQ release. [Dominique: remove confusing variable reset to 0] CVE-2024-56704 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56704.html CVE-2024-56704 https://bugzilla.suse.com/1235584 SUSE Bug 1235584 In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgby_data memory allocation failure In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_css_s3a_hmem_decode(). Adding a check to fix this potential issue. CVE-2024-56705 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56705.html CVE-2024-56705 https://bugzilla.suse.com/1235568 SUSE Bug 1235568 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Add error pointer checks after calling otx2_mbox_get_rsp(). CVE-2024-56707 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56707.html CVE-2024-56707 https://bugzilla.suse.com/1235545 SUSE Bug 1235545 In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In igen6_register_mci(), mci->pvt_info will point to &igen6_pvt->imc[mc] During rmmod: 1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info) 2. In igen6_remove(), it will kfree(igen6_pvt); Fix this issue by setting mci->pvt_info to NULL to avoid the double kfree. CVE-2024-56708 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56708.html CVE-2024-56708 https://bugzilla.suse.com/1235564 SUSE Bug 1235564 In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing task work can be executed after the task has gone through io_uring termination, whether it's the final task_work run or the fallback path. In this case, task work will find ->io_wq being already killed and null'ed, which is a problem if it then tries to forward the request to io_queue_iowq(). Make io_queue_iowq() fail requests in this case. Note that it also checks PF_KTHREAD, because the user can first close a DEFER_TASKRUN ring and shortly after kill the task, in which case ->iowq check would race. CVE-2024-56709 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56709.html CVE-2024-56709 https://bugzilla.suse.com/1235552 SUSE Bug 1235552 In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last export_udmabuf() error path In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a dma_buf owning the udmabuf has already been created; but the error handling in udmabuf_create() will tear down the udmabuf without doing anything about the containing dma_buf. This leaves a dma_buf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memory leak. Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we can give it different error handling. Note that the shape of this code changed a lot in commit 5e72b2b41a21 ("udmabuf: convert udmabuf driver to use folios"); but the memory leak seems to have existed since the introduction of udmabuf. CVE-2024-56712 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56712.html CVE-2024-56712 https://bugzilla.suse.com/1235565 SUSE Bug 1235565 In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier. Fix this by calling ionic_lif_unregister() on register_netdev() failure. This will also call ionic_lif_unregister_phc() if it has already been registered. CVE-2024-56715 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56715.html CVE-2024-56715 https://bugzilla.suse.com/1235612 SUSE Bug 1235612 In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. CVE-2024-56716 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56716.html CVE-2024-56716 https://bugzilla.suse.com/1235587 SUSE Bug 1235587 In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots of printings, and it may lead to a cpu stuck. Delete some unnecessary printings and replace other printing functions in these paths with the ratelimited version. CVE-2024-56722 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56722.html CVE-2024-56722 https://bugzilla.suse.com/1235570 SUSE Bug 1235570 In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them. CVE-2024-56723 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56723.html CVE-2024-56723 https://bugzilla.suse.com/1235571 SUSE Bug 1235571 In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them. CVE-2024-56724 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56724.html CVE-2024-56724 https://bugzilla.suse.com/1235577 SUSE Bug 1235577 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Add error pointer check after calling otx2_mbox_get_rsp(). CVE-2024-56725 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56725.html CVE-2024-56725 https://bugzilla.suse.com/1235578 SUSE Bug 1235578 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Add error pointer check after calling otx2_mbox_get_rsp(). CVE-2024-56726 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56726.html CVE-2024-56726 https://bugzilla.suse.com/1235582 SUSE Bug 1235582 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Adding error pointer check after calling otx2_mbox_get_rsp(). CVE-2024-56727 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56727.html CVE-2024-56727 https://bugzilla.suse.com/1235583 SUSE Bug 1235583 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Add error pointer check after calling otx2_mbox_get_rsp(). CVE-2024-56728 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56728.html CVE-2024-56728 https://bugzilla.suse.com/1235656 SUSE Bug 1235656 In the Linux kernel, the following vulnerability has been resolved: smb: Initialize cfid->tcon before performing network ops Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cached_dir_lease_break() and then fail to release the ref in cached_dir_offload_close, since cfid->tcon is still NULL. CVE-2024-56729 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56729.html CVE-2024-56729 https://bugzilla.suse.com/1235503 SUSE Bug 1235503 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56739 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56739.html CVE-2024-56739 https://bugzilla.suse.com/1235611 SUSE Bug 1235611 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-56741 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56741.html CVE-2024-56741 https://bugzilla.suse.com/1235502 SUSE Bug 1235502 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56745 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56745.html CVE-2024-56745 https://bugzilla.suse.com/1235563 SUSE Bug 1235563 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56746 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56746.html CVE-2024-56746 https://bugzilla.suse.com/1235622 SUSE Bug 1235622 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56747 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56747.html CVE-2024-56747 https://bugzilla.suse.com/1234934 SUSE Bug 1234934 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56748 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56748.html CVE-2024-56748 https://bugzilla.suse.com/1235627 SUSE Bug 1235627 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-56752 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56752.html CVE-2024-56752 https://bugzilla.suse.com/1234937 SUSE Bug 1234937 In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caam_qi_shutdown() The type of the last parameter given to devm_add_action_or_reset() is "struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to "struct device *". Pass the correct parameter to devm_add_action_or_reset() so that the resources are released as expected. CVE-2024-56754 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56754.html CVE-2024-56754 https://bugzilla.suse.com/1234918 SUSE Bug 1234918 In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading to an indefinite wait. The triggering process is as follows: [cookie1] [cookie2] [volume_work] fscache_perform_lookup fscache_create_volume fscache_perform_lookup fscache_create_volume fscache_create_volume_work cachefiles_acquire_volume clear_and_wake_up_bit test_and_set_bit test_and_set_bit goto maybe_wait goto no_wait In the above process, cookie1 and cookie2 has the same volume. When cookie1 enters the -no_wait- process, it will clear the bit and wake up the waiting process. If a barrier is missing, it may cause cookie2 to remain in the -wait- process indefinitely. In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()"), barriers were added to similar operations in fscache_create_volume_work(), but fscache_create_volume() was missed. By combining the clear and wake operations into clear_and_wake_up_bit() to fix this issue. CVE-2024-56755 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56755.html CVE-2024-56755 https://bugzilla.suse.com/1234920 SUSE Bug 1234920 In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent. In practice this was not showing up because the number of descriptors tends to be low and the dma coherent allocator always allocates and frees at least a page. CVE-2024-56756 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56756.html CVE-2024-56756 https://bugzilla.suse.com/1234922 SUSE Bug 1234922 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled (CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent buffer while inside the tracepoint code. This is because in some paths that call btrfs_cow_block(), such as btrfs_search_slot(), we are holding the last reference on the extent buffer @buf so btrfs_force_cow_block() drops the last reference on the @buf extent buffer when it calls free_extent_buffer_stale(buf), which schedules the release of the extent buffer with RCU. This means that if we are on a kernel with preemption, the current task may be preempted before calling trace_btrfs_cow_block() and the extent buffer already released by the time trace_btrfs_cow_block() is called, resulting in a use-after-free. Fix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to btrfs_force_cow_block() before the COWed extent buffer is freed. This also has a side effect of invoking the tracepoint in the tree defrag code, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is called there, but this is fine and it was actually missing there. CVE-2024-56759 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56759.html CVE-2024-56759 https://bugzilla.suse.com/1235645 SUSE Bug 1235645 https://bugzilla.suse.com/1236569 SUSE Bug 1236569 In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it. CVE-2024-56760 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56760.html CVE-2024-56760 https://bugzilla.suse.com/1235616 SUSE Bug 1235616 In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. CVE-2024-56763 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56763.html CVE-2024-56763 https://bugzilla.suse.com/1235638 SUSE Bug 1235638 In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window is active. The paste address mapping will be removed when the window is closed or with the munmap(). But the VMA address in the VAS window is not updated with munmap() which is causing invalid access during migration. The KASAN report shows: [16386.254991] BUG: KASAN: slab-use-after-free in reconfig_close_windows+0x1a0/0x4e8 [16386.255043] Read of size 8 at addr c00000014a819670 by task drmgr/696928 [16386.255096] CPU: 29 UID: 0 PID: 696928 Comm: drmgr Kdump: loaded Tainted: G B 6.11.0-rc5-nxgzip #2 [16386.255128] Tainted: [B]=BAD_PAGE [16386.255148] Hardware name: IBM,9080-HEX Power11 (architected) 0x820200 0xf000007 of:IBM,FW1110.00 (NH1110_016) hv:phyp pSeries [16386.255181] Call Trace: [16386.255202] [c00000016b297660] [c0000000018ad0ac] dump_stack_lvl+0x84/0xe8 (unreliable) [16386.255246] [c00000016b297690] [c0000000006e8a90] print_report+0x19c/0x764 [16386.255285] [c00000016b297760] [c0000000006e9490] kasan_report+0x128/0x1f8 [16386.255309] [c00000016b297880] [c0000000006eb5c8] __asan_load8+0xac/0xe0 [16386.255326] [c00000016b2978a0] [c00000000013f898] reconfig_close_windows+0x1a0/0x4e8 [16386.255343] [c00000016b297990] [c000000000140e58] vas_migration_handler+0x3a4/0x3fc [16386.255368] [c00000016b297a90] [c000000000128848] pseries_migrate_partition+0x4c/0x4c4 ... [16386.256136] Allocated by task 696554 on cpu 31 at 16377.277618s: [16386.256149] kasan_save_stack+0x34/0x68 [16386.256163] kasan_save_track+0x34/0x80 [16386.256175] kasan_save_alloc_info+0x58/0x74 [16386.256196] __kasan_slab_alloc+0xb8/0xdc [16386.256209] kmem_cache_alloc_noprof+0x200/0x3d0 [16386.256225] vm_area_alloc+0x44/0x150 [16386.256245] mmap_region+0x214/0x10c4 [16386.256265] do_mmap+0x5fc/0x750 [16386.256277] vm_mmap_pgoff+0x14c/0x24c [16386.256292] ksys_mmap_pgoff+0x20c/0x348 [16386.256303] sys_mmap+0xd0/0x160 ... [16386.256350] Freed by task 0 on cpu 31 at 16386.204848s: [16386.256363] kasan_save_stack+0x34/0x68 [16386.256374] kasan_save_track+0x34/0x80 [16386.256384] kasan_save_free_info+0x64/0x10c [16386.256396] __kasan_slab_free+0x120/0x204 [16386.256415] kmem_cache_free+0x128/0x450 [16386.256428] vm_area_free_rcu_cb+0xa8/0xd8 [16386.256441] rcu_do_batch+0x2c8/0xcf0 [16386.256458] rcu_core+0x378/0x3c4 [16386.256473] handle_softirqs+0x20c/0x60c [16386.256495] do_softirq_own_stack+0x6c/0x88 [16386.256509] do_softirq_own_stack+0x58/0x88 [16386.256521] __irq_exit_rcu+0x1a4/0x20c [16386.256533] irq_exit+0x20/0x38 [16386.256544] interrupt_async_exit_prepare.constprop.0+0x18/0x2c ... [16386.256717] Last potentially related work creation: [16386.256729] kasan_save_stack+0x34/0x68 [16386.256741] __kasan_record_aux_stack+0xcc/0x12c [16386.256753] __call_rcu_common.constprop.0+0x94/0xd04 [16386.256766] vm_area_free+0x28/0x3c [16386.256778] remove_vma+0xf4/0x114 [16386.256797] do_vmi_align_munmap.constprop.0+0x684/0x870 [16386.256811] __vm_munmap+0xe0/0x1f8 [16386.256821] sys_munmap+0x54/0x6c [16386.256830] system_call_exception+0x1a0/0x4a0 [16386.256841] system_call_vectored_common+0x15c/0x2ec [16386.256868] The buggy address belongs to the object at c00000014a819670 which belongs to the cache vm_area_struct of size 168 [16386.256887] The buggy address is located 0 bytes inside of freed 168-byte region [c00000014a819670, c00000014a819718) [16386.256915] The buggy address belongs to the physical page: [16386.256928] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a81 [16386.256950] memcg:c0000000ba430001 [16386.256961] anon flags: 0x43ffff800000000(node=4|zone=0|lastcpupid=0x7ffff) [16386.256975] page_type: 0xfdffffff(slab) [16386 ---truncated--- CVE-2024-56765 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56765.html CVE-2024-56765 https://bugzilla.suse.com/1235643 SUSE Bug 1235643 In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free. CVE-2024-56766 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56766.html CVE-2024-56766 https://bugzilla.suse.com/1235219 SUSE Bug 1235219 https://bugzilla.suse.com/1240426 SUSE Bug 1240426 In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this. CVE-2024-56767 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56767.html CVE-2024-56767 https://bugzilla.suse.com/1235160 SUSE Bug 1235160 In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bulk message failed: -22 (6/0) ===================================================== BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31 dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290 dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline] dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310 dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110 ... Local variable rb created at: dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54 dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 ... CVE-2024-56769 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56769.html CVE-2024-56769 https://bugzilla.suse.com/1235155 SUSE Bug 1235155 In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When scrub tries to search the extent tree to gather the needed extent info, btrfs_search_slot() doesn't check if the target root is NULL or not, resulting the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_search_slot(). CVE-2024-56774 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56774.html CVE-2024-56774 https://bugzilla.suse.com/1235653 SUSE Bug 1235653 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount, which can cause issues if the refcount of the plane changes in between backup and restore operations, such as memory leaks if the refcount was supposed to go down, or double frees / invalid memory accesses if the refcount was supposed to go up. [How] Cache and re-apply current refcount when restoring plane states. CVE-2024-56775 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56775.html CVE-2024-56775 https://bugzilla.suse.com/1235657 SUSE Bug 1235657 In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. CVE-2024-56776 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56776.html CVE-2024-56776 https://bugzilla.suse.com/1235647 SUSE Bug 1235647 In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. CVE-2024-56777 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56777.html CVE-2024-56777 https://bugzilla.suse.com/1235641 SUSE Bug 1235641 In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. CVE-2024-56778 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56778.html CVE-2024-56778 https://bugzilla.suse.com/1235635 SUSE Bug 1235635 In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs server. NFS CLIENT thread1 thread2 open("file") ... nfs4_do_open _nfs4_do_open _nfs4_open_and_get_state _nfs4_proc_open nfs4_run_open_task /* rpc_task1 */ rpc_run_task rpc_wait_for_completion_task umount -f nfs_umount_begin rpc_killall_tasks rpc_signal_task rpc_task1 been wakeup and return -512 _nfs4_do_open // while loop ... nfs4_run_open_task /* rpc_task2 */ rpc_run_task rpc_wait_for_completion_task While processing an open request, nfsd will first attempt to find or allocate an nfs4_openowner. If it finds an nfs4_openowner that is not marked as NFS4_OO_CONFIRMED, this nfs4_openowner will released. Since two rpc_task can attempt to open the same file simultaneously from the client to server, and because two instances of nfsd can run concurrently, this situation can lead to lots of memory leak. Additionally, when we echo 0 to /proc/fs/nfsd/threads, warning will be triggered. NFS SERVER nfsd1 nfsd2 echo 0 > /proc/fs/nfsd/threads nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // alloc oo1, stateid1 nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // find oo1, without NFS4_OO_CONFIRMED release_openowner unhash_openowner_locked list_del_init(&oo->oo_perclient) // cannot find this oo // from client, LEAK!!! alloc_stateowner // alloc oo2 nfsd4_process_open2 init_open_stateid // associate oo1 // with stateid1, stateid1 LEAK!!! nfs4_get_vfs_file // alloc nfsd_file1 and nfsd_file_mark1 // all LEAK!!! nfsd4_process_open2 ... write_threads ... nfsd_destroy_serv nfsd_shutdown_net nfs4_state_shutdown_net nfs4_state_destroy_net destroy_client __destroy_client // won't find oo1!!! nfsd_shutdown_generic nfsd_file_cache_shutdown kmem_cache_destroy for nfsd_file_slab and nfsd_file_mark_slab // bark since nfsd_file1 // and nfsd_file_mark1 // still alive ======================================================================= BUG nfsd_file (Not tainted): Objects remaining in nfsd_file on __kmem_cache_shutdown() ----------------------------------------------------------------------- Slab 0xffd4000004438a80 objects=34 used=1 fp=0xff11000110e2ad28 flags=0x17ffffc0000240(workingset|head|node=0|zone=2|lastcpupid=0x1fffff) CPU: 4 UID: 0 PID: 757 Comm: sh Not tainted 6.12.0-rc6+ #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dum ---truncated--- CVE-2024-56779 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56779.html CVE-2024-56779 https://bugzilla.suse.com/1235632 SUSE Bug 1235632 In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots() Since we currently don't always flush the quota_release_work queue in this path, we can end up with the following race: 1. dquot are added to releasing_dquots list during regular operations. 2. FS Freeze starts, however, this does not flush the quota_release_work queue. 3. Freeze completes. 4. Kernel eventually tries to flush the workqueue while FS is frozen which hits a WARN_ON since transaction gets started during frozen state: ext4_journal_check_start+0x28/0x110 [ext4] (unreliable) __ext4_journal_start_sb+0x64/0x1c0 [ext4] ext4_release_dquot+0x90/0x1d0 [ext4] quota_release_workfn+0x43c/0x4d0 Which is the following line: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE); Which ultimately results in generic/390 failing due to dmesg noise. This was detected on powerpc machine 15 cores. To avoid this, make sure to flush the workqueue during dquot_writeback_dquots() so we dont have any pending workitems after freeze. CVE-2024-56780 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56780.html CVE-2024-56780 https://bugzilla.suse.com/1235650 SUSE Bug 1235650 In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx8m.c driver calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock driver is not yet probed. This was not detected during regular testing without driver_async_probe. Convert the SoC code to platform driver and instantiate a platform device in its current device_initcall() to probe the platform driver. Rework .soc_revision callback to always return valid error code and return SoC revision via parameter. This way, if anything in the .soc_revision callback return -EPROBE_DEFER, it gets propagated to .probe and the .probe will get retried later. " ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1 at drivers/soc/imx/soc-imx8m.c:115 imx8mm_soc_revision+0xdc/0x180 CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-next-20240924-00002-g2062bb554dea #603 Hardware name: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3) (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : imx8mm_soc_revision+0xdc/0x180 lr : imx8mm_soc_revision+0xd0/0x180 sp : ffff8000821fbcc0 x29: ffff8000821fbce0 x28: 0000000000000000 x27: ffff800081810120 x26: ffff8000818a9970 x25: 0000000000000006 x24: 0000000000824311 x23: ffff8000817f42c8 x22: ffff0000df8be210 x21: fffffffffffffdfb x20: ffff800082780000 x19: 0000000000000001 x18: ffffffffffffffff x17: ffff800081fff418 x16: ffff8000823e1000 x15: ffff0000c03b65e8 x14: ffff0000c00051b0 x13: ffff800082790000 x12: 0000000000000801 x11: ffff80008278ffff x10: ffff80008209d3a6 x9 : ffff80008062e95c x8 : ffff8000821fb9a0 x7 : 0000000000000000 x6 : 00000000000080e3 x5 : ffff0000df8c03d8 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : fffffffffffffdfb x0 : fffffffffffffdfb Call trace: imx8mm_soc_revision+0xdc/0x180 imx8_soc_init+0xb0/0x1e0 do_one_initcall+0x94/0x1a8 kernel_init_freeable+0x240/0x2a8 kernel_init+0x28/0x140 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- SoC: i.MX8MP revision 1.1 " CVE-2024-56787 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-56787.html CVE-2024-56787 https://bugzilla.suse.com/1235663 SUSE Bug 1235663 In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should not be fully trusted as it is from the network. Once the value of length exceeds the value of buflen in function smc_clc_wait_msg it may run into deadloop when trying to drain the remaining data exceeding buflen. This patch checks the return value of sock_recvmsg when draining data in case of deadloop in draining. CVE-2024-57791 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57791.html CVE-2024-57791 https://bugzilla.suse.com/1235759 SUSE Bug 1235759 https://bugzilla.suse.com/1235760 SUSE Bug 1235760 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-57792 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57792.html CVE-2024-57792 https://bugzilla.suse.com/1235764 SUSE Bug 1235764 https://bugzilla.suse.com/1236568 SUSE Bug 1236568 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-57793 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57793.html CVE-2024-57793 https://bugzilla.suse.com/1235768 SUSE Bug 1235768 https://bugzilla.suse.com/1235769 SUSE Bug 1235769 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.12.0-rc3-syzkaller-00399-g9197b73fd7bb #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: infiniband ib_cache_event_task Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 rxe_query_port+0x12d/0x260 drivers/infiniband/sw/rxe/rxe_verbs.c:60 __ib_query_port drivers/infiniband/core/device.c:2111 [inline] ib_query_port+0x168/0x7d0 drivers/infiniband/core/device.c:2143 ib_cache_update+0x1a9/0xb80 drivers/infiniband/core/cache.c:1494 ib_cache_event_task+0xf3/0x1e0 drivers/infiniband/core/cache.c:1568 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f2/0x390 kernel/kthread.c:389 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> " 1). In the link [1], " infiniband syz2: set down " This means that on 839.350575, the event ib_cache_event_task was sent andi queued in ib_wq. 2). In the link [1], " team0 (unregistering): Port device team_slave_0 removed " It indicates that before 843.251853, the net device should be freed. 3). In the link [1], " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 " This means that on 850.559070, this slab-use-after-free problem occurred. In all, on 839.350575, the event ib_cache_event_task was sent and queued in ib_wq, before 843.251853, the net device veth was freed. on 850.559070, this event was executed, and the mentioned freed net device was called. Thus, the above call trace occurred. [1] https://syzkaller.appspot.com/x/log.txt?x=12e7025f980000 CVE-2024-57795 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57795.html CVE-2024-57795 https://bugzilla.suse.com/1235906 SUSE Bug 1235906 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-57798 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57798.html CVE-2024-57798 https://bugzilla.suse.com/1235818 SUSE Bug 1235818 https://bugzilla.suse.com/1235819 SUSE Bug 1235819 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed while trying to get rpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded. CVE-2024-57801 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57801.html CVE-2024-57801 https://bugzilla.suse.com/1235940 SUSE Bug 1235940 In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x5a/0x1c0 net/netrom/nr_dev.c:144 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] raw_sendmsg+0x654/0xc10 net/ieee802154/socket.c:299 ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2780 sock_alloc_send_skb include/net/sock.h:1884 [inline] raw_sendmsg+0x36d/0xc10 net/ieee802154/socket.c:282 ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5037 Comm: syz-executor166 Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 ===================================================== This issue occurs because the skb buffer is too small, and it's actual allocation is aligned. This hides an actual issue, which is that nr_route_frame does not validate the buffer size before using it. Fix this issue by checking skb->len before accessing any fields in skb->data. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2024-57802 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57802.html CVE-2024-57802 https://bugzilla.suse.com/1235941 SUSE Bug 1235941 In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and enabled in rapid succession, the persistent and current config pages related to SAS IO unit/SAS Expander pages could get corrupted. Use separate memory for each config request. CVE-2024-57804 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57804.html CVE-2024-57804 https://bugzilla.suse.com/1235779 SUSE Bug 1235779 In the Linux kernel, the following vulnerability has been resolved: PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDL platform, as documented in the NXP errata (ERR005723): https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf This patch addresses the issue by sharing most of the suspend/resume sequences used by other i.MX devices, while avoiding modifications to critical registers that disrupt the PCIe functionality. It targets the same problem as the following downstream commit: https://github.com/nxp-imx/linux-imx/commit/4e92355e1f79d225ea842511fcfd42b343b32995 Unlike the downstream commit, this patch also resets the connected PCIe device if possible. Without this reset, certain drivers, such as ath10k or iwlwifi, will crash on resume. The device reset is also done by the driver on other i.MX platforms, making this patch consistent with existing practices. Upon resuming, the kernel will hang and display an error. Here's an example of the error encountered with the ath10k driver: ath10k_pci 0000:01:00.0: Unable to change power state from D3hot to D0, device inaccessible Unhandled fault: imprecise external abort (0x1406) at 0x0106f944 Without this patch, suspend/resume will fail on i.MX6QDL devices if a PCIe device is connected. [kwilczynski: commit log, added tag for stable releases] CVE-2024-57809 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57809.html CVE-2024-57809 https://bugzilla.suse.com/1235793 SUSE Bug 1235793 In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries to fix stack depot warnings The stack depot filters out everything outside of the top interrupt context as an uninteresting or irrelevant part of the stack traces. This helps with stack trace de-duplication, avoiding an explosion of saved stack traces that share the same IRQ context code path but originate from different randomly interrupted points, eventually exhausting the stack depot. Filtering uses in_irqentry_text() to identify functions within the .irqentry.text and .softirqentry.text sections, which then become the last stack trace entries being saved. While __do_softirq() is placed into the .softirqentry.text section by common code, populating .irqentry.text is architecture-specific. Currently, the .irqentry.text section on s390 is empty, which prevents stack depot filtering and de-duplication and could result in warnings like: Stack depot reached limit capacity WARNING: CPU: 0 PID: 286113 at lib/stackdepot.c:252 depot_alloc_stack+0x39a/0x3c8 with PREEMPT and KASAN enabled. Fix this by moving the IO/EXT interrupt handlers from .kprobes.text into the .irqentry.text section and updating the kprobes blacklist to include the .irqentry.text section. This is done only for asynchronous interrupts and explicitly not for program checks, which are synchronous and where the context beyond the program check is important to preserve. Despite machine checks being somewhat in between, they are extremely rare, and preserving context when possible is also of value. SVCs and Restart Interrupts are not relevant, one being always at the boundary to user space and the other being a one-time thing. IRQ entries filtering is also optionally used in ftrace function graph, where the same logic applies. CVE-2024-57838 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57838.html CVE-2024-57838 https://bugzilla.suse.com/1235798 SUSE Bug 1235798 In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Handle CPU hotplug remove during sampling CPU hotplug remove handling triggers the following function call sequence: CPUHP_AP_PERF_S390_SF_ONLINE --> s390_pmu_sf_offline_cpu() ... CPUHP_AP_PERF_ONLINE --> perf_event_exit_cpu() The s390 CPUMF sampling CPU hotplug handler invokes: s390_pmu_sf_offline_cpu() +--> cpusf_pmu_setup() +--> setup_pmc_cpu() +--> deallocate_buffers() This function de-allocates all sampling data buffers (SDBs) allocated for that CPU at event initialization. It also clears the PMU_F_RESERVED bit. The CPU is gone and can not be sampled. With the event still being active on the removed CPU, the CPU event hotplug support in kernel performance subsystem triggers the following function calls on the removed CPU: perf_event_exit_cpu() +--> perf_event_exit_cpu_context() +--> __perf_event_exit_context() +--> __perf_remove_from_context() +--> event_sched_out() +--> cpumsf_pmu_del() +--> cpumsf_pmu_stop() +--> hw_perf_event_update() to stop and remove the event. During removal of the event, the sampling device driver tries to read out the remaining samples from the sample data buffers (SDBs). But they have already been freed (and may have been re-assigned). This may lead to a use after free situation in which case the samples are most likely invalid. In the best case the memory has not been reassigned and still contains valid data. Remedy this situation and check if the CPU is still in reserved state (bit PMU_F_RESERVED set). In this case the SDBs have not been released an contain valid data. This is always the case when the event is removed (and no CPU hotplug off occured). If the PMU_F_RESERVED bit is not set, the SDB buffers are gone. CVE-2024-57849 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57849.html CVE-2024-57849 https://bugzilla.suse.com/1235814 SUSE Bug 1235814 https://bugzilla.suse.com/1235815 SUSE Bug 1235815 In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode. CVE-2024-57850 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57850.html CVE-2024-57850 https://bugzilla.suse.com/1235812 SUSE Bug 1235812 https://bugzilla.suse.com/1235813 SUSE Bug 1235813 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-57857 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57857.html CVE-2024-57857 https://bugzilla.suse.com/1235946 SUSE Bug 1235946 In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. As set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and rejects other values, a partial SETREGSET attempt will randomly succeed or fail depending on the value of the uninitialized value, and the exposure is significantly limited. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing value of the tagged address ctrl will be retained. The NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the user_aarch64_view used by a native AArch64 task to manipulate another native AArch64 task. As get_tagged_addr_ctrl() only returns an error value when called for a compat task, tagged_addr_ctrl_get() and tagged_addr_ctrl_set() should never observe an error value from get_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that such an error would be unexpected, and error handlnig is not missing in either case. CVE-2024-57874 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57874.html CVE-2024-57874 https://bugzilla.suse.com/1235808 SUSE Bug 1235808 In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down reply or MST up request sideband message, the drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with the reading/parsing of the message from another thread via drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is possible since the reader/parser doesn't hold any lock while accessing the reception state. This in turn can lead to a memory corruption in the reader/parser as described by commit bd2fccac61b4 ("drm/dp_mst: Fix MST sideband message body length check"). Fix the above by resetting the message reception state if needed before reading/parsing a message. Another solution would be to hold the drm_dp_mst_topology_mgr::lock for the whole duration of the message reception/parsing in drm_dp_mst_handle_down_rep() and drm_dp_mst_handle_up_req(), however this would require a bigger change. Since the fix is also needed for stable, opting for the simpler solution in this patch. CVE-2024-57876 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57876.html CVE-2024-57876 https://bugzilla.suse.com/1235806 SUSE Bug 1235806 https://bugzilla.suse.com/1235807 SUSE Bug 1235807 In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68 #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660 #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98 #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8 #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974 #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4 At this point, the pgdat contains the following two zones: NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: "DMA32" SIZE: 20480 MIN/LOW/HIGH: 11/28/45 VM_STAT: NR_FREE_PAGES: 359 NR_ZONE_INACTIVE_ANON: 18813 NR_ZONE_ACTIVE_ANON: 0 NR_ZONE_INACTIVE_FILE: 50 NR_ZONE_ACTIVE_FILE: 0 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: "Normal" SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264 VM_STAT: NR_FREE_PAGES: 146 NR_ZONE_INACTIVE_ANON: 94668 NR_ZONE_ACTIVE_ANON: 3 NR_ZONE_INACTIVE_FILE: 735 NR_ZONE_ACTIVE_FILE: 78 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 In allow_direct_reclaim(), while processing ZONE_DMA32, the sum of inactive/active file-backed pages calculated in zone_reclaimable_pages() based on the result of zone_page_state_snapshot() is zero. Additionally, since this system lacks swap, the calculation of inactive/ active anonymous pages is skipped. crash> p nr_swap_pages nr_swap_pages = $1937 = { counter = 0 } As a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to the processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having free pages significantly exceeding the high watermark. The problem is that the pgdat->kswapd_failures hasn't been incremented. crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures $1935 = 0x0 This is because the node deemed balanced. The node balancing logic in balance_pgdat() evaluates all zones collectively. If one or more zones (e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the entire node is deemed balanced. This causes balance_pgdat() to exit early before incrementing the kswapd_failures, as it considers the overall memory state acceptable, even though some zones (like ZONE_NORMAL) remain under significant pressure. The patch ensures that zone_reclaimable_pages() includes free pages (NR_FREE_PAGES) in its calculation when no other reclaimable pages are available (e.g., file-backed or anonymous pages). This change prevents zones like ZONE_DMA32, which have sufficient free pages, from being mistakenly deemed unreclaimable. By doing so, the patch ensures proper node balancing, avoids masking pressure on other zones like ZONE_NORMAL, and prevents infinite loops in throttle_direct_reclaim() caused by allow_direct_reclaim(pgdat) repeatedly returning false. The kernel hangs due to a task stuck in throttle_direct_reclaim(), caused by a node being incorrectly deemed balanced despite pressure in certain zones, such as ZONE_NORMAL. This issue arises from zone_reclaimable_pages ---truncated--- CVE-2024-57884 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57884.html CVE-2024-57884 https://bugzilla.suse.com/1235948 SUSE Bug 1235948 In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove(). CVE-2024-57887 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57887.html CVE-2024-57887 https://bugzilla.suse.com/1235952 SUSE Bug 1235952 In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker After commit 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") amdgpu started seeing the following warning: [ ] workqueue: WQ_MEM_RECLAIM sdma0:drm_sched_run_job_work [gpu_sched] is flushing !WQ_MEM_RECLAIM events:amdgpu_device_delay_enable_gfx_off [amdgpu] ... [ ] Workqueue: sdma0 drm_sched_run_job_work [gpu_sched] ... [ ] Call Trace: [ ] <TASK> ... [ ] ? check_flush_dependency+0xf5/0x110 ... [ ] cancel_delayed_work_sync+0x6e/0x80 [ ] amdgpu_gfx_off_ctrl+0xab/0x140 [amdgpu] [ ] amdgpu_ring_alloc+0x40/0x50 [amdgpu] [ ] amdgpu_ib_schedule+0xf4/0x810 [amdgpu] [ ] ? drm_sched_run_job_work+0x22c/0x430 [gpu_sched] [ ] amdgpu_job_run+0xaa/0x1f0 [amdgpu] [ ] drm_sched_run_job_work+0x257/0x430 [gpu_sched] [ ] process_one_work+0x217/0x720 ... [ ] </TASK> The intent of the verifcation done in check_flush_depedency is to ensure forward progress during memory reclaim, by flagging cases when either a memory reclaim process, or a memory reclaim work item is flushed from a context not marked as memory reclaim safe. This is correct when flushing, but when called from the cancel(_delayed)_work_sync() paths it is a false positive because work is either already running, or will not be running at all. Therefore cancelling it is safe and we can relax the warning criteria by letting the helper know of the calling context. References: 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") CVE-2024-57888 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57888.html CVE-2024-57888 https://bugzilla.suse.com/1235918 SUSE Bug 1235918 In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two things. First, I've re-arranged the condition in uverbs_request_next_ptr() so that the use controlled variable "len" is on one side of the comparison by itself without any math. Then I've modified all the callers to use size_mul() for the multiplications. CVE-2024-57890 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57890.html CVE-2024-57890 https://bugzilla.suse.com/1235919 SUSE Bug 1235919 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remounting sets the DQUOT_SUSPENDED flag instead of setting the DQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the next quota, the function ocfs2_get_next_id is called and only checks the quota usage flags and not the quota suspended flags. To fix this, I set dqi_priv to null when it is freed after remounting with read-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id. [akpm@linux-foundation.org: coding-style cleanups] CVE-2024-57892 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57892.html CVE-2024-57892 https://bugzilla.suse.com/1235964 SUSE Bug 1235964 In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets. CVE-2024-57893 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57893.html CVE-2024-57893 https://bugzilla.suse.com/1235920 SUSE Bug 1235920 https://bugzilla.suse.com/1235921 SUSE Bug 1235921 In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(), which in turn tries to wake up the cleaner kthread - which was already destroyed before, resulting in a use-after-free on the task_struct. Syzbot reported this with the following stack traces: BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-delalloc btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205 submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615 run_ordered_work fs/btrfs/async-thread.c:288 [inline] btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4104 [inline] slab_alloc_node mm/slub.c:4153 [inline] kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1113 copy_process+0x5d1/0x3d50 kernel/fork.c:2225 kernel_clone+0x223/0x870 kernel/fork.c:2807 kernel_thread+0x1bc/0x240 kernel/fork.c:2869 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:767 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 24: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2338 [inline] slab_free mm/slub.c:4598 [inline] kmem_cache_free+0x195/0x410 mm/slub.c:4700 put_task_struct include/linux/sched/task.h:144 [inline] delayed_put_task_struct+0x125/0x300 kernel/exit.c:227 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:943 ---truncated--- CVE-2024-57896 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57896.html CVE-2024-57896 https://bugzilla.suse.com/1235965 SUSE Bug 1235965 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following warning. Before finialize this solution, there're some discussion on the DMA mapping type(stream-based or coherent) in this KFD migration case, followed by https://lore.kernel.org/all/04d4ab32 -45a1-4b88-86ee-fb0f35a0ca40@amd.com/T/. As there's no dma_sync_single_for_*() in the DMA buffer accessed that because this migration operation should be sync properly and automatically. Give that there's might not be a performance problem in various cache sync policy of DMA sync. Therefore, in order to simplify the DMA direction setting alignment, let's set the DMA map direction as BIDIRECTIONAL. [ 150.834218] WARNING: CPU: 8 PID: 1812 at kernel/dma/debug.c:1028 check_unmap+0x1cc/0x930 [ 150.834225] Modules linked in: amdgpu(OE) amdxcp drm_exec(OE) gpu_sched drm_buddy(OE) drm_ttm_helper(OE) ttm(OE) drm_suballoc_helper(OE) drm_display_helper(OE) drm_kms_helper(OE) i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc sch_fq_codel intel_rapl_msr amd_atl intel_rapl_common snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd snd_pci_acp6x snd_hda_codec snd_acp_config snd_hda_core snd_hwdep snd_soc_acpi kvm_amd sunrpc snd_pcm kvm binfmt_misc snd_seq_midi crct10dif_pclmul snd_seq_midi_event ghash_clmulni_intel sha512_ssse3 snd_rawmidi nls_iso8859_1 sha256_ssse3 sha1_ssse3 snd_seq aesni_intel snd_seq_device crypto_simd snd_timer cryptd input_leds [ 150.834310] wmi_bmof serio_raw k10temp rapl snd sp5100_tco ipmi_devintf soundcore ccp ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport efi_pstore drm(OE) ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii [ 150.834354] CPU: 8 PID: 1812 Comm: rocrtst64 Tainted: G OE 6.10.0-custom #492 [ 150.834358] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021 [ 150.834360] RIP: 0010:check_unmap+0x1cc/0x930 [ 150.834363] Code: c0 4c 89 4d c8 e8 34 bf 86 00 4c 8b 4d c8 4c 8b 45 c0 48 8b 4d b8 48 89 c6 41 57 4c 89 ea 48 c7 c7 80 49 b4 84 e8 b4 81 f3 ff <0f> 0b 48 c7 c7 04 83 ac 84 e8 76 ba fc ff 41 8b 76 4c 49 8d 7e 50 [ 150.834365] RSP: 0018:ffffaac5023739e0 EFLAGS: 00010086 [ 150.834368] RAX: 0000000000000000 RBX: ffffffff8566a2e0 RCX: 0000000000000027 [ 150.834370] RDX: ffff8f6a8f621688 RSI: 0000000000000001 RDI: ffff8f6a8f621680 [ 150.834372] RBP: ffffaac502373a30 R08: 00000000000000c9 R09: ffffaac502373850 [ 150.834373] R10: ffffaac502373848 R11: ffffffff84f46328 R12: ffffaac502373a40 [ 150.834375] R13: ffff8f6741045330 R14: ffff8f6741a77700 R15: ffffffff84ac831b [ 150.834377] FS: 00007faf0fc94c00(0000) GS:ffff8f6a8f600000(0000) knlGS:0000000000000000 [ 150.834379] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.834381] CR2: 00007faf0b600020 CR3: 000000010a52e000 CR4: 0000000000350ef0 [ 150.834383] Call Trace: [ 150.834385] <TASK> [ 150.834387] ? show_regs+0x6d/0x80 [ 150.834393] ? __warn+0x8c/0x140 [ 150.834397] ? check_unmap+0x1cc/0x930 [ 150.834400] ? report_bug+0x193/0x1a0 [ 150.834406] ? handle_bug+0x46/0x80 [ 150.834410] ? exc_invalid_op+0x1d/0x80 [ 150.834413] ? asm_exc_invalid_op+0x1f/0x30 [ 150.834420] ? check_unmap+0x1cc/0x930 [ 150.834425] debug_dma_unmap_page+0x86/0x90 [ 150.834431] ? srso_return_thunk+0x5/0x5f [ 150.834435] ---truncated--- CVE-2024-57897 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57897.html CVE-2024-57897 https://bugzilla.suse.com/1235969 SUSE Bug 1235969 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adjusted for each architecture. Call Trace: ? show_regs+0x54/0x58 ? __warn+0x6b/0xd4 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? report_bug+0x113/0x150 ? exc_overflow+0x30/0x30 ? handle_bug+0x27/0x44 ? exc_invalid_op+0x18/0x50 ? handle_exception+0xf6/0xf6 ? exc_overflow+0x30/0x30 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? exc_overflow+0x30/0x30 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? ieee80211_mesh_work+0xff/0x260 [mac80211] ? cfg80211_wiphy_work+0x72/0x98 [cfg80211] ? process_one_work+0xf1/0x1fc ? worker_thread+0x2c0/0x3b4 ? kthread+0xc7/0xf0 ? mod_delayed_work_on+0x4c/0x4c ? kthread_complete_and_exit+0x14/0x14 ? ret_from_fork+0x24/0x38 ? kthread_complete_and_exit+0x14/0x14 ? ret_from_fork_asm+0xf/0x14 ? entry_INT80_32+0xf0/0xf0 [restore no-op path for no changes] CVE-2024-57899 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57899.html CVE-2024-57899 https://bugzilla.suse.com/1235924 SUSE Bug 1235924 In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally be destroyed from RCU call back, as spotted by zyzbot [1]. Trying to acquire a mutex in RCU callback is not allowed. Restrict SO_REUSEPORT socket option to inet sockets. v1 of this patch supported TCP, UDP and SCTP sockets, but fcnal-test.sh test needed RAW and ICMP support. [1] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 1 lock held by ksoftirqd/1/24: #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline] #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823 Preemption disabled at: [<ffffffff8161c8c8>] softirq_handle_begin kernel/softirq.c:402 [inline] [<ffffffff8161c8c8>] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537 CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 __might_resched+0x5d4/0x780 kernel/sched/core.c:8758 __mutex_lock_common kernel/locking/mutex.c:562 [inline] __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735 crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179 aead_release+0x3d/0x50 crypto/algif_aead.c:489 alg_do_release crypto/af_alg.c:118 [inline] alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502 __sk_destruct+0x58/0x5f0 net/core/sock.c:2260 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561 run_ksoftirqd+0xca/0x130 kernel/softirq.c:950 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> CVE-2024-57903 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57903.html CVE-2024-57903 https://bugzilla.suse.com/1235967 SUSE Bug 1235967 In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. CVE-2024-57904 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57904.html CVE-2024-57904 https://bugzilla.suse.com/1236078 SUSE Bug 1236078 In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. CVE-2024-57906 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57906.html CVE-2024-57906 https://bugzilla.suse.com/1236088 SUSE Bug 1236088 In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. CVE-2024-57907 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57907.html CVE-2024-57907 https://bugzilla.suse.com/1236090 SUSE Bug 1236090 In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. CVE-2024-57908 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57908.html CVE-2024-57908 https://bugzilla.suse.com/1236091 SUSE Bug 1236091 In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. CVE-2024-57910 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57910.html CVE-2024-57910 https://bugzilla.suse.com/1236097 SUSE Bug 1236097 In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace. CVE-2024-57911 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57911.html CVE-2024-57911 https://bugzilla.suse.com/1236098 SUSE Bug 1236098 In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. CVE-2024-57912 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57912.html CVE-2024-57912 https://bugzilla.suse.com/1236101 SUSE Bug 1236101 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bind, which easily leads to the following scenarios. 1.adb_write in adbd 2. UDC write via configfs ================= ===================== ->usb_ffs_open_thread() ->UDC write ->open_functionfs() ->configfs_write_iter() ->adb_open() ->gadget_dev_desc_UDC_store() ->adb_write() ->usb_gadget_register_driver_owner ->driver_register() ->StartMonitor() ->bus_add_driver() ->adb_read() ->gadget_bind_driver() <times-out without BIND event> ->configfs_composite_bind() ->usb_add_function() ->open_functionfs() ->ffs_func_bind() ->adb_open() ->functionfs_bind() <ffs->state !=FFS_ACTIVE> The adb_open, adb_read, and adb_write operations are invoked from the daemon, but trying to bind the function is a process that is invoked by UDC write through configfs, which opens up the possibility of a race condition between the two paths. In this race scenario, the kernel panic occurs due to the WARN_ON from functionfs_bind when panic_on_warn is enabled. This commit fixes the kernel panic by removing the unnecessary WARN_ON. Kernel panic - not syncing: kernel: panic_on_warn set ... [ 14.542395] Call trace: [ 14.542464] ffs_func_bind+0x1c8/0x14a8 [ 14.542468] usb_add_function+0xcc/0x1f0 [ 14.542473] configfs_composite_bind+0x468/0x588 [ 14.542478] gadget_bind_driver+0x108/0x27c [ 14.542483] really_probe+0x190/0x374 [ 14.542488] __driver_probe_device+0xa0/0x12c [ 14.542492] driver_probe_device+0x3c/0x220 [ 14.542498] __driver_attach+0x11c/0x1fc [ 14.542502] bus_for_each_dev+0x104/0x160 [ 14.542506] driver_attach+0x24/0x34 [ 14.542510] bus_add_driver+0x154/0x270 [ 14.542514] driver_register+0x68/0x104 [ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4 [ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144 [ 14.542526] configfs_write_iter+0xf0/0x138 CVE-2024-57913 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57913.html CVE-2024-57913 https://bugzilla.suse.com/1236102 SUSE Bug 1236102 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-57915 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57915.html CVE-2024-57915 https://bugzilla.suse.com/1236120 SUSE Bug 1236120 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-57916 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57916.html CVE-2024-57916 https://bugzilla.suse.com/1236125 SUSE Bug 1236125 In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNING in kvasprintf WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130 Call Trace: kvasprintf+0x121/0x130 kasprintf+0xa6/0xe0 bitmap_print_to_buf+0x89/0x100 core_siblings_list_read+0x7e/0xb0 kernfs_file_read_iter+0x15b/0x270 new_sync_read+0x153/0x260 vfs_read+0x215/0x290 ksys_read+0xb9/0x160 do_syscall_64+0x56/0x100 entry_SYSCALL_64_after_hwframe+0x78/0xe2 The call trace shows that kvasprintf() reported this warning during the printing of core_siblings_list. kvasprintf() has several steps: (1) First, calculate the length of the resulting formatted string. (2) Allocate a buffer based on the returned length. (3) Then, perform the actual string formatting. (4) Check whether the lengths of the formatted strings returned in steps (1) and (2) are consistent. If the core_cpumask is modified between steps (1) and (3), the lengths obtained in these two steps may not match. Indeed our test includes cpu hotplugging, which should modify core_cpumask while printing. To fix this issue, cache the cpumask into a temporary variable before calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged during the printing process. CVE-2024-57917 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57917.html CVE-2024-57917 https://bugzilla.suse.com/1236127 SUSE Bug 1236127 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) CVE-2024-57922 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57922.html CVE-2024-57922 https://bugzilla.suse.com/1236080 SUSE Bug 1236080 In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains about use-after-free. Because in mtk_drm_bind, all private's drm are set as follows. private->all_drm_private[i]->drm = drm; And drm will be released by drm_dev_put in case mtk_drm_kms_init returns failure. However, the shutdown path still accesses the previous allocated memory in drm_atomic_helper_shutdown. [ 84.874820] watchdog: watchdog0: watchdog did not stop! [ 86.512054] ================================================================== [ 86.513162] BUG: KASAN: use-after-free in drm_atomic_helper_shutdown+0x33c/0x378 [ 86.514258] Read of size 8 at addr ffff0000d46fc068 by task shutdown/1 [ 86.515213] [ 86.515455] CPU: 1 UID: 0 PID: 1 Comm: shutdown Not tainted 6.13.0-rc1-mtk+gfa1a78e5d24b-dirty #55 [ 86.516752] Hardware name: Unknown Product/Unknown Product, BIOS 2022.10 10/01/2022 [ 86.517960] Call trace: [ 86.518333] show_stack+0x20/0x38 (C) [ 86.518891] dump_stack_lvl+0x90/0xd0 [ 86.519443] print_report+0xf8/0x5b0 [ 86.519985] kasan_report+0xb4/0x100 [ 86.520526] __asan_report_load8_noabort+0x20/0x30 [ 86.521240] drm_atomic_helper_shutdown+0x33c/0x378 [ 86.521966] mtk_drm_shutdown+0x54/0x80 [ 86.522546] platform_shutdown+0x64/0x90 [ 86.523137] device_shutdown+0x260/0x5b8 [ 86.523728] kernel_restart+0x78/0xf0 [ 86.524282] __do_sys_reboot+0x258/0x2f0 [ 86.524871] __arm64_sys_reboot+0x90/0xd8 [ 86.525473] invoke_syscall+0x74/0x268 [ 86.526041] el0_svc_common.constprop.0+0xb0/0x240 [ 86.526751] do_el0_svc+0x4c/0x70 [ 86.527251] el0_svc+0x4c/0xc0 [ 86.527719] el0t_64_sync_handler+0x144/0x168 [ 86.528367] el0t_64_sync+0x198/0x1a0 [ 86.528920] [ 86.529157] The buggy address belongs to the physical page: [ 86.529972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d46fd4d0 pfn:0x1146fc [ 86.531319] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) [ 86.532267] raw: 0bfffc0000000000 0000000000000000 dead000000000122 0000000000000000 [ 86.533390] raw: ffff0000d46fd4d0 0000000000000000 00000000ffffffff 0000000000000000 [ 86.534511] page dumped because: kasan: bad access detected [ 86.535323] [ 86.535559] Memory state around the buggy address: [ 86.536265] ffff0000d46fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.537314] ffff0000d46fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.538363] >ffff0000d46fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.544733] ^ [ 86.551057] ffff0000d46fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.557510] ffff0000d46fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.563928] ================================================================== [ 86.571093] Disabling lock debugging due to kernel taint [ 86.577642] Unable to handle kernel paging request at virtual address e0e9c0920000000b [ 86.581834] KASAN: maybe wild-memory-access in range [0x0752049000000058-0x075204900000005f] ... CVE-2024-57926 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57926.html CVE-2024-57926 https://bugzilla.suse.com/1236082 SUSE Bug 1236082 https://bugzilla.suse.com/1236084 SUSE Bug 1236084 In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller of dm_bm_read_lock() should not operate on this invalid dm_block pointer, or it will lead to undefined result. For example, the dm_array_cursor incorrectly caches the invalid pointer on reading a faulty array block, causing a double release in dm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put(). Reproduce steps: 1. initialize a cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" 2. wipe the second array block offline dmsteup remove cache cmeta cdata corig mapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \ 2>/dev/null | hexdump -e '1/8 "%u\n"') ablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \ 2>/dev/null | hexdump -e '1/8 "%u\n"') dd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock 3. try reopen the cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) device-mapper: array: array_block_check failed: blocknr 0 != wanted 10 device-mapper: block manager: array validator check failed for block 10 device-mapper: array: get_ablock failed device-mapper: cache metadata: dm_array_cursor_next for mapping failed ------------[ cut here ]------------ kernel BUG at drivers/md/dm-bufio.c:638! Fix by setting the cached block pointer to NULL on errors. In addition to the reproducer described above, this fix can be verified using the "array_cursor/damaged" test in dm-unit: dm-unit run /pdata/array_cursor/damaged --kernel-dir <KERNEL_DIR> CVE-2024-57929 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57929.html CVE-2024-57929 https://bugzilla.suse.com/1236096 SUSE Bug 1236096 In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. CVE-2024-57931 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57931.html CVE-2024-57931 https://bugzilla.suse.com/1236192 SUSE Bug 1236192 In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these conditions are false. In the case of no loaded XDP program, priv->num_xdp_queues=0 which can cause a divide-by-zero error, and in the case of interface down, num_xdp_queues remains untouched to persist XDP queue count for the next interface up, but the TX pointer itself would be NULL. The XDP xmit callback also needs to synchronize with a device transitioning from open to close. This synchronization will happen via the GVE_PRIV_FLAGS_NAPI_ENABLED bit along with a synchronize_net() call, which waits for any RCU critical sections at call-time to complete. CVE-2024-57932 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57932.html CVE-2024-57932 https://bugzilla.suse.com/1236190 SUSE Bug 1236190 In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result in a crash, as the RX queue pointer would be NULL. XSK pool registration will occur as part of the next interface up. Similarly, xsk_wakeup needs be guarded against queues disappearing while the function is executing, so a check against the GVE_PRIV_FLAGS_NAPI_ENABLED flag is added to synchronize with the disabling of the bit and the synchronize_net() in gve_turndown. CVE-2024-57933 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57933.html CVE-2024-57933 https://bugzilla.suse.com/1236178 SUSE Bug 1236178 In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will be accessed. CVE-2024-57935 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57935.html CVE-2024-57935 https://bugzilla.suse.com/1236180 SUSE Bug 1236180 In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causing traffic failures and system crashes. Use the define for max SGE supported for variable size. This will work for both static and variable WQEs. CVE-2024-57936 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57936.html CVE-2024-57936 https://bugzilla.suse.com/1236181 SUSE Bug 1236181 In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow. CVE-2024-57938 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57938.html CVE-2024-57938 https://bugzilla.suse.com/1236182 SUSE Bug 1236182 In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented, causing condition 'dentry < max_dentries' unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs(). This commit stops traversing the cluster chain when there is unused directory entry in the cluster to avoid this infinite loop. CVE-2024-57940 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57940.html CVE-2024-57940 https://bugzilla.suse.com/1236227 SUSE Bug 1236227 In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM callbacks. And the motivation is to drain inflight IOs before suspending. block layer's queue freeze looks very handy, but it is also easy to cause deadlock, such as, any attempt to call into bio_queue_enter() may run into deadlock if the queue is frozen in current context. There are all kinds of ->suspend() called in suspend context, so keeping queue frozen in the whole suspend context isn't one good idea. And Marek reported lockdep warning[1] caused by virtio-blk's freeze queue in virtblk_freeze(). [1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/ Given the motivation is to drain in-flight IOs, it can be done by calling freeze & unfreeze, meantime restore to previous behavior by keeping queue quiesced during suspend. CVE-2024-57946 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-57946.html CVE-2024-57946 https://bugzilla.suse.com/1236247 SUSE Bug 1236247 BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177. CVE-2024-8805 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2024-8805.html CVE-2024-8805 https://bugzilla.suse.com/1230697 SUSE Bug 1230697 https://bugzilla.suse.com/1240804 SUSE Bug 1240804 In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure shadow stack is active before "getting" registers The x86 shadow stack support has its own set of registers. Those registers are XSAVE-managed, but they are "supervisor state components" which means that userspace can not touch them with XSAVE/XRSTOR. It also means that they are not accessible from the existing ptrace ABI for XSAVE state. Thus, there is a new ptrace get/set interface for it. The regset code that ptrace uses provides an ->active() handler in addition to the get/set ones. For shadow stack this ->active() handler verifies that shadow stack is enabled via the ARCH_SHSTK_SHSTK bit in the thread struct. The ->active() handler is checked from some call sites of the regset get/set handlers, but not the ptrace ones. This was not understood when shadow stack support was put in place. As a result, both the set/get handlers can be called with XFEATURE_CET_USER in its init state, which would cause get_xsave_addr() to return NULL and trigger a WARN_ON(). The ssp_set() handler luckily has an ssp_active() check to avoid surprising the kernel with shadow stack behavior when the kernel is not ready for it (ARCH_SHSTK_SHSTK==0). That check just happened to avoid the warning. But the ->get() side wasn't so lucky. It can be called with shadow stacks disabled, triggering the warning in practice, as reported by Christina Schimpe: WARNING: CPU: 5 PID: 1773 at arch/x86/kernel/fpu/regset.c:198 ssp_get+0x89/0xa0 [...] Call Trace: <TASK> ? show_regs+0x6e/0x80 ? ssp_get+0x89/0xa0 ? __warn+0x91/0x150 ? ssp_get+0x89/0xa0 ? report_bug+0x19d/0x1b0 ? handle_bug+0x46/0x80 ? exc_invalid_op+0x1d/0x80 ? asm_exc_invalid_op+0x1f/0x30 ? __pfx_ssp_get+0x10/0x10 ? ssp_get+0x89/0xa0 ? ssp_get+0x52/0xa0 __regset_get+0xad/0xf0 copy_regset_to_user+0x52/0xc0 ptrace_regset+0x119/0x140 ptrace_request+0x13c/0x850 ? wait_task_inactive+0x142/0x1d0 ? do_syscall_64+0x6d/0x90 arch_ptrace+0x102/0x300 [...] Ensure that shadow stacks are active in a thread before looking them up in the XSAVE buffer. Since ARCH_SHSTK_SHSTK and user_ssp[SHSTK_EN] are set at the same time, the active check ensures that there will be something to find in the XSAVE buffer. [ dhansen: changelog/subject tweaks ] CVE-2025-21632 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21632.html CVE-2025-21632 https://bugzilla.suse.com/1236106 SUSE Bug 1236106 In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Wakeup for IRQ1 should be disabled only in cases where i8042 had actually enabled it, otherwise "wake_depth" for this IRQ will try to drop below zero and there will be an unpleasant WARN() logged: kernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug kernel: ------------[ cut here ]------------ kernel: Unbalanced IRQ 1 wake disable kernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0 The PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops which sets amd_pmc_suspend_handler() to the .suspend, .freeze, and .poweroff handlers. i8042_pm_suspend(), however, is only set as the .suspend handler. Fix the issue by call PMC suspend handler only from the same set of dev_pm_ops handlers as i8042_pm_suspend(), which currently means just the .suspend handler. To reproduce this issue try hibernating (S4) the machine after a fresh boot without putting it into s2idle first. [ij: edited the commit message.] CVE-2025-21645 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21645.html CVE-2025-21645 https://bugzilla.suse.com/1236131 SUSE Bug 1236131 In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name of the cell, but that fails with a warning: WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405 because procfs limits the maximum filename length to 255. However, the DNS limits the maximum lookup length and, by extension, the maximum cell name, to 255 less two (length count and trailing NUL). Fix this by limiting the maximum acceptable cellname length to 253. This also allows us to be sure we can create the "/afs/.<cell>/" mountpoint too. Further, split the YFS VL record cell name maximum to be the 256 allowed by the protocol and ignore the record retrieved by YFSVL.GetCellName if it exceeds 253. CVE-2025-21646 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21646.html CVE-2025-21646 https://bugzilla.suse.com/1236168 SUSE Bug 1236168 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Currently, HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash. [ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 ... [ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge] [ 128.292938] sp : ffff800059b93140 [ 128.297200] x29: ffff800059b93140 x28: 0000000000003280 [ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080 [ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001 [ 128.315969] x23: 0000000000000000 x22: 0000000000000194 [ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000 [ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000 [ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24 [ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000 [ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368 [ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02 [ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0 [ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000 [ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff [ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294 [ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080 [ 128.390626] Call trace: [ 128.393964] hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3] [ 128.405468] xmit_one.constprop.0+0xc4/0x200 [ 128.410600] dev_hard_start_xmit+0x54/0xf0 [ 128.415556] sch_direct_xmit+0xe8/0x634 [ 128.420246] __dev_queue_xmit+0x224/0xc70 [ 128.425101] dev_queue_xmit+0x1c/0x40 [ 128.429608] ovs_vport_send+0xac/0x1a0 [openvswitch] [ 128.435409] do_output+0x60/0x17c [openvswitch] [ 128.440770] do_execute_actions+0x898/0x8c4 [openvswitch] [ 128.446993] ovs_execute_actions+0x64/0xf0 [openvswitch] [ 128.453129] ovs_dp_process_packet+0xa0/0x224 [openvswitch] [ 128.459530] ovs_vport_receive+0x7c/0xfc [openvswitch] [ 128.465497] internal_dev_xmit+0x34/0xb0 [openvswitch] [ 128.471460] xmit_one.constprop.0+0xc4/0x200 [ 128.476561] dev_hard_start_xmit+0x54/0xf0 [ 128.481489] __dev_queue_xmit+0x968/0xc70 [ 128.486330] dev_queue_xmit+0x1c/0x40 [ 128.490856] ip_finish_output2+0x250/0x570 [ 128.495810] __ip_finish_output+0x170/0x1e0 [ 128.500832] ip_finish_output+0x3c/0xf0 [ 128.505504] ip_output+0xbc/0x160 [ 128.509654] ip_send_skb+0x58/0xd4 [ 128.513892] udp_send_skb+0x12c/0x354 [ 128.518387] udp_sendmsg+0x7a8/0x9c0 [ 128.522793] inet_sendmsg+0x4c/0x8c [ 128.527116] __sock_sendmsg+0x48/0x80 [ 128.531609] __sys_sendto+0x124/0x164 [ 128.536099] __arm64_sys_sendto+0x30/0x5c [ 128.540935] invoke_syscall+0x50/0x130 [ 128.545508] el0_svc_common.constprop.0+0x10c/0x124 [ 128.551205] do_el0_svc+0x34/0xdc [ 128.555347] el0_svc+0x20/0x30 [ 128.559227] el0_sync_handler+0xb8/0xc0 [ 128.563883] el0_sync+0x160/0x180 CVE-2025-21649 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21649.html CVE-2025-21649 https://bugzilla.suse.com/1236143 SUSE Bug 1236143 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue The TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs 1024-1279 are in different BAR space addresses. However, hclge_fetch_pf_reg does not distinguish the tqp space information when reading the tqp space information. When the number of TQPs is greater than 1024, access bar space overwriting occurs. The problem of different segments has been considered during the initialization of tqp.io_base. Therefore, tqp.io_base is directly used when the queue is read in hclge_fetch_pf_reg. The error message: Unable to handle kernel paging request at virtual address ffff800037200000 pc : hclge_fetch_pf_reg+0x138/0x250 [hclge] lr : hclge_get_regs+0x84/0x1d0 [hclge] Call trace: hclge_fetch_pf_reg+0x138/0x250 [hclge] hclge_get_regs+0x84/0x1d0 [hclge] hns3_get_regs+0x2c/0x50 [hns3] ethtool_get_regs+0xf4/0x270 dev_ethtool+0x674/0x8a0 dev_ioctl+0x270/0x36c sock_do_ioctl+0x110/0x2a0 sock_ioctl+0x2ac/0x530 __arm64_sys_ioctl+0xa8/0x100 invoke_syscall+0x4c/0x124 el0_svc_common.constprop.0+0x140/0x15c do_el0_svc+0x30/0xd0 el0_svc+0x1c/0x2c el0_sync_handler+0xb0/0xb4 el0_sync+0x168/0x180 CVE-2025-21650 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21650.html CVE-2025-21650 https://bugzilla.suse.com/1236144 SUSE Bug 1236144 In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupte is reported at this time, it will cause warning like below: [ 16.324639] Call trace: [ 16.324641] __queue_delayed_work+0xb8/0xe0 [ 16.324643] mod_delayed_work_on+0x78/0xd0 [ 16.324655] hclge_errhand_task_schedule+0x58/0x90 [hclge] [ 16.324662] hclge_misc_irq_handle+0x168/0x240 [hclge] [ 16.324666] __handle_irq_event_percpu+0x64/0x1e0 [ 16.324667] handle_irq_event+0x80/0x170 [ 16.324670] handle_fasteoi_edge_irq+0x110/0x2bc [ 16.324671] __handle_domain_irq+0x84/0xfc [ 16.324673] gic_handle_irq+0x88/0x2c0 [ 16.324674] el1_irq+0xb8/0x140 [ 16.324677] arch_cpu_idle+0x18/0x40 [ 16.324679] default_idle_call+0x5c/0x1bc [ 16.324682] cpuidle_idle_call+0x18c/0x1c4 [ 16.324684] do_idle+0x174/0x17c [ 16.324685] cpu_startup_entry+0x30/0x6c [ 16.324687] secondary_start_kernel+0x1a4/0x280 [ 16.324688] ---[ end trace 6aa0bff672a964aa ]--- So don't auto enable misc vector when request irq.. CVE-2025-21651 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21651.html CVE-2025-21651 https://bugzilla.suse.com/1236145 SUSE Bug 1236145 In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is triggered for the ipvlan dev, the lower dev might have already been freed, resulting in UAF of ipvlan->phy_dev in ipvlan_get_iflink(). We can delay the lower dev unregistration like vlan and macvlan by holding the lower dev's refcnt in dev->netdev_ops->ndo_init() and releasing it in dev->priv_destructor(). Jakub pointed out calling .ndo_XXX after unregister_netdevice() has returned is error prone and suggested [1] addressing this UAF in the core by taking commit 750e51603395 ("net: avoid potential UAF in default_operstate()") further. Let's assume unregistering devices DOWN and use RCU protection in default_operstate() not to race with the device unregistration. [0]: BUG: KASAN: slab-use-after-free in ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 Read of size 4 at addr ffff0000d768c0e0 by task kworker/u8:35/6944 CPU: 0 UID: 0 PID: 6944 Comm: kworker/u8:35 Not tainted 6.13.0-rc2-g9bc5c9515b48 #12 4c3cb9e8b4565456f6a355f312ff91f4f29b3c47 Hardware name: linux,dummy-virt (DT) Workqueue: events_unbound linkwatch_event Call trace: show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:484 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x16c/0x6f0 mm/kasan/report.c:489 kasan_report+0xc0/0x120 mm/kasan/report.c:602 __asan_report_load4_noabort+0x20/0x30 mm/kasan/report_generic.c:380 ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 dev_get_iflink+0x7c/0xd8 net/core/dev.c:674 default_operstate net/core/link_watch.c:45 [inline] rfc2863_policy+0x144/0x360 net/core/link_watch.c:72 linkwatch_do_dev+0x60/0x228 net/core/link_watch.c:175 __linkwatch_run_queue+0x2f4/0x5b8 net/core/link_watch.c:239 linkwatch_event+0x64/0xa8 net/core/link_watch.c:282 process_one_work+0x700/0x1398 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x8c4/0xe10 kernel/workqueue.c:3391 kthread+0x2b0/0x360 kernel/kthread.c:389 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862 Allocated by task 9303: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x68 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4283 [inline] __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4289 __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:650 alloc_netdev_mqs+0xb4/0x1118 net/core/dev.c:11209 rtnl_create_link+0x2b8/0xb60 net/core/rtnetlink.c:3595 rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3771 __rtnl_newlink net/core/rtnetlink.c:3896 [inline] rtnl_newlink+0x122c/0x15c0 net/core/rtnetlink.c:4011 rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6901 netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2542 rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6928 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x2ec/0x438 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __arm64_sys_sendto+0xe4/0x110 net/socket.c:2200 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151 el ---truncated--- CVE-2025-21652 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21652.html CVE-2025-21652 https://bugzilla.suse.com/1236160 SUSE Bug 1236160 In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classify net/sched/cls_api.c:1771 [inline] tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867 sfb_classify net/sched/sch_sfb.c:260 [inline] sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318 dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793 __dev_xmit_skb net/core/dev.c:3889 [inline] __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82 udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173 geneve_xmit_skb drivers/net/geneve.c:916 [inline] geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606 __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434 CVE-2025-21653 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21653.html CVE-2025-21653 https://bugzilla.suse.com/1236161 SUSE Bug 1236161 In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period. CVE-2025-21655 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21655.html CVE-2025-21655 https://bugzilla.suse.com/1236163 SUSE Bug 1236163 In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes. Currently the driver just passes error codes of scsi_execute_cmd() to hwmon core, which is incorrect because hwmon only checks for negative error codes. This leads to hwmon reporting uninitialized data to userspace in case of SCSI errors (for example if the disk drive was disconnected). This patch checks scsi_execute_cmd() output and returns -EIO if it's error code is positive. [groeck: Avoid inline variable declaration for portability] CVE-2025-21656 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21656.html CVE-2025-21656 https://bugzilla.suse.com/1236248 SUSE Bug 1236248 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index(), fails cmd_work_handler() needs to complete ent->slotted before returning early. Otherwise the task which issued the command may hang: mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry INFO: task kworker/13:2:4055883 blocked for more than 120 seconds. Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/13:2 D 0 4055883 2 0x00000228 Workqueue: events mlx5e_tx_dim_work [mlx5_core] Call trace: __switch_to+0xe8/0x150 __schedule+0x2a8/0x9b8 schedule+0x2c/0x88 schedule_timeout+0x204/0x478 wait_for_common+0x154/0x250 wait_for_completion+0x28/0x38 cmd_exec+0x7a0/0xa00 [mlx5_core] mlx5_cmd_exec+0x54/0x80 [mlx5_core] mlx5_core_modify_cq+0x6c/0x80 [mlx5_core] mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core] mlx5e_tx_dim_work+0x54/0x68 [mlx5_core] process_one_work+0x1b0/0x448 worker_thread+0x54/0x468 kthread+0x134/0x138 ret_from_fork+0x10/0x18 CVE-2025-21662 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21662.html CVE-2025-21662 https://bugzilla.suse.com/1236198 SUSE Bug 1236198 In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's SID for all controllers. This causes softirq time outs and kernel panics when using controllers other than MGBE0. Example dmesg errors when an ethernet cable is connected to MGBE1: [ 116.133290] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx [ 121.851283] tegra-mgbe 6910000.ethernet eth1: NETDEV WATCHDOG: CPU: 5: transmit queue 0 timed out 5690 ms [ 121.851782] tegra-mgbe 6910000.ethernet eth1: Reset adapter. [ 121.892464] tegra-mgbe 6910000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0 [ 121.905920] tegra-mgbe 6910000.ethernet eth1: PHY [stmmac-1:00] driver [Aquantia AQR113] (irq=171) [ 121.907356] tegra-mgbe 6910000.ethernet eth1: Enabling Safety Features [ 121.907578] tegra-mgbe 6910000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported [ 121.908399] tegra-mgbe 6910000.ethernet eth1: registered PTP clock [ 121.908582] tegra-mgbe 6910000.ethernet eth1: configuring for phy/10gbase-r link mode [ 125.961292] tegra-mgbe 6910000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx [ 181.921198] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 181.921404] rcu: 7-....: (1 GPs behind) idle=540c/1/0x4000000000000002 softirq=1748/1749 fqs=2337 [ 181.921684] rcu: (detected by 4, t=6002 jiffies, g=1357, q=1254 ncpus=8) [ 181.921878] Sending NMI from CPU 4 to CPUs 7: [ 181.921886] NMI backtrace for cpu 7 [ 181.922131] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Kdump: loaded Not tainted 6.13.0-rc3+ #6 [ 181.922390] Hardware name: NVIDIA CTI Forge + Orin AGX/Jetson, BIOS 202402.1-Unknown 10/28/2024 [ 181.922658] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 181.922847] pc : handle_softirqs+0x98/0x368 [ 181.922978] lr : __do_softirq+0x18/0x20 [ 181.923095] sp : ffff80008003bf50 [ 181.923189] x29: ffff80008003bf50 x28: 0000000000000008 x27: 0000000000000000 [ 181.923379] x26: ffffce78ea277000 x25: 0000000000000000 x24: 0000001c61befda0 [ 181.924486] x23: 0000000060400009 x22: ffffce78e99918bc x21: ffff80008018bd70 [ 181.925568] x20: ffffce78e8bb00d8 x19: ffff80008018bc20 x18: 0000000000000000 [ 181.926655] x17: ffff318ebe7d3000 x16: ffff800080038000 x15: 0000000000000000 [ 181.931455] x14: ffff000080816680 x13: ffff318ebe7d3000 x12: 000000003464d91d [ 181.938628] x11: 0000000000000040 x10: ffff000080165a70 x9 : ffffce78e8bb0160 [ 181.945804] x8 : ffff8000827b3160 x7 : f9157b241586f343 x6 : eeb6502a01c81c74 [ 181.953068] x5 : a4acfcdd2e8096bb x4 : ffffce78ea277340 x3 : 00000000ffffd1e1 [ 181.960329] x2 : 0000000000000101 x1 : ffffce78ea277340 x0 : ffff318ebe7d3000 [ 181.967591] Call trace: [ 181.970043] handle_softirqs+0x98/0x368 (P) [ 181.974240] __do_softirq+0x18/0x20 [ 181.977743] ____do_softirq+0x14/0x28 [ 181.981415] call_on_irq_stack+0x24/0x30 [ 181.985180] do_softirq_own_stack+0x20/0x30 [ 181.989379] __irq_exit_rcu+0x114/0x140 [ 181.993142] irq_exit_rcu+0x14/0x28 [ 181.996816] el1_interrupt+0x44/0xb8 [ 182.000316] el1h_64_irq_handler+0x14/0x20 [ 182.004343] el1h_64_irq+0x80/0x88 [ 182.007755] cpuidle_enter_state+0xc4/0x4a8 (P) [ 182.012305] cpuidle_enter+0x3c/0x58 [ 182.015980] cpuidle_idle_call+0x128/0x1c0 [ 182.020005] do_idle+0xe0/0xf0 [ 182.023155] cpu_startup_entry+0x3c/0x48 [ 182.026917] secondary_start_kernel+0xdc/0x120 [ 182.031379] __secondary_switched+0x74/0x78 [ 212.971162] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 7-.... } 6103 jiffies s: 417 root: 0x80/. [ 212.985935] rcu: blocking rcu_node structures (internal RCU debug): [ 212.992758] Sending NMI from CPU 0 to CPUs 7: [ 212.998539] NMI backtrace for cpu 7 [ 213.004304] CPU: 7 UID: 0 PI ---truncated--- CVE-2025-21663 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21663.html CVE-2025-21663 https://bugzilla.suse.com/1236260 SUSE Bug 1236260 In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rcu() and cautions programmers against relying on a list_empty() -> list_first() sequence in RCU safe code. This is because each of these functions performs its own READ_ONCE() of the list head. This can lead to a situation where the list_empty() sees a valid list entry, but the subsequent list_first() sees a different view of list head state after a modification. In the case of dm-thin, this author had a production box crash from a GP fault in the process_deferred_bios path. This function saw a valid list head in get_first_thin() but when it subsequently dereferenced that and turned it into a thin_c, it got the inside of the struct pool, since the list was now empty and referring to itself. The kernel on which this occurred printed both a warning about a refcount_t being saturated, and a UBSAN error for an out-of-bounds cpuid access in the queued spinlock, prior to the fault itself. When the resulting kdump was examined, it was possible to see another thread patiently waiting in thin_dtr's synchronize_rcu. The thin_dtr call managed to pull the thin_c out of the active thins list (and have it be the last entry in the active_thins list) at just the wrong moment which lead to this crash. Fortunately, the fix here is straight forward. Switch get_first_thin() function to use list_first_or_null_rcu() which performs just a single READ_ONCE() and returns NULL if the list is already empty. This was run against the devicemapper test suite's thin-provisioning suites for delete and suspend and no regressions were observed. CVE-2025-21664 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21664.html CVE-2025-21664 https://bugzilla.suse.com/1236262 SUSE Bug 1236262 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, which is happening due to two issues: 1. In SA add section, the should be _bh() variant when marking SA mode. 2. There is not needed flush_workqueue in SA delete routine. It is not needed as at this stage as it is removed from SADB and the running work will be canceled later in SA free. ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 6.12.0+ #4 Not tainted ----------------------------------------------------- charon/1337 [HC0[0]:SC0[4]:HE1:SE0] is trying to acquire: ffff88810f365020 (&xa->xa_lock#24){+.+.}-{3:3}, at: mlx5e_xfrm_del_state+0xca/0x1e0 [mlx5_core] and this task is already holding: ffff88813e0f0d48 (&x->lock){+.-.}-{3:3}, at: xfrm_state_delete+0x16/0x30 which would create a new lock dependency: (&x->lock){+.-.}-{3:3} -> (&xa->xa_lock#24){+.+.}-{3:3} but this new dependency connects a SOFTIRQ-irq-safe lock: (&x->lock){+.-.}-{3:3} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x1be/0x520 _raw_spin_lock_bh+0x34/0x40 xfrm_timer_handler+0x91/0xd70 __hrtimer_run_queues+0x1dd/0xa60 hrtimer_run_softirq+0x146/0x2e0 handle_softirqs+0x266/0x860 irq_exit_rcu+0x115/0x1a0 sysvec_apic_timer_interrupt+0x6e/0x90 asm_sysvec_apic_timer_interrupt+0x16/0x20 default_idle+0x13/0x20 default_idle_call+0x67/0xa0 do_idle+0x2da/0x320 cpu_startup_entry+0x50/0x60 start_secondary+0x213/0x2a0 common_startup_64+0x129/0x138 to a SOFTIRQ-irq-unsafe lock: (&xa->xa_lock#24){+.+.}-{3:3} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x1be/0x520 _raw_spin_lock+0x2c/0x40 xa_set_mark+0x70/0x110 mlx5e_xfrm_add_state+0xe48/0x2290 [mlx5_core] xfrm_dev_state_add+0x3bb/0xd70 xfrm_add_sa+0x2451/0x4a90 xfrm_user_rcv_msg+0x493/0x880 netlink_rcv_skb+0x12e/0x380 xfrm_netlink_rcv+0x6d/0x90 netlink_unicast+0x42f/0x740 netlink_sendmsg+0x745/0xbe0 __sock_sendmsg+0xc5/0x190 __sys_sendto+0x1fe/0x2c0 __x64_sys_sendto+0xdc/0x1b0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&xa->xa_lock#24); local_irq_disable(); lock(&x->lock); lock(&xa->xa_lock#24); <Interrupt> lock(&x->lock); *** DEADLOCK *** 2 locks held by charon/1337: #0: ffffffff87f8f858 (&net->xfrm.xfrm_cfg_mutex){+.+.}-{4:4}, at: xfrm_netlink_rcv+0x5e/0x90 #1: ffff88813e0f0d48 (&x->lock){+.-.}-{3:3}, at: xfrm_state_delete+0x16/0x30 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&x->lock){+.-.}-{3:3} ops: 29 { HARDIRQ-ON-W at: lock_acquire+0x1be/0x520 _raw_spin_lock_bh+0x34/0x40 xfrm_alloc_spi+0xc0/0xe60 xfrm_alloc_userspi+0x5f6/0xbc0 xfrm_user_rcv_msg+0x493/0x880 netlink_rcv_skb+0x12e/0x380 xfrm_netlink_rcv+0x6d/0x90 netlink_unicast+0x42f/0x740 netlink_sendmsg+0x745/0xbe0 __sock_sendmsg+0xc5/0x190 __sys_sendto+0x1fe/0x2c0 __x64_sys_sendto+0xdc/0x1b0 do_syscall_64+0x6d/0x140 entry_SYSCALL_64_after_hwframe+0x4b/0x53 IN-SOFTIRQ-W at: lock_acquire+0x1be/0x520 _raw_spin_lock_bh+0x34/0x40 xfrm_timer_handler+0x91/0xd70 __hrtimer_run_queues+0x1dd/0xa60 ---truncated--- CVE-2025-21674 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21674.html CVE-2025-21674 https://bugzilla.suse.com/1236688 SUSE Bug 1236688 In the Linux kernel, the following vulnerability has been resolved: net: fec: handle page_pool_dev_alloc_pages error The fec_enet_update_cbd function calls page_pool_dev_alloc_pages but did not handle the case when it returned NULL. There was a WARN_ON(!new_page) but it would still proceed to use the NULL pointer and then crash. This case does seem somewhat rare but when the system is under memory pressure it can happen. One case where I can duplicate this with some frequency is when writing over a smbd share to a SATA HDD attached to an imx6q. Setting /proc/sys/vm/min_free_kbytes to higher values also seems to solve the problem for my test case. But it still seems wrong that the fec driver ignores the memory allocation error and can crash. This commit handles the allocation error by dropping the current packet. CVE-2025-21676 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21676.html CVE-2025-21676 https://bugzilla.suse.com/1236696 SUSE Bug 1236696 In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: always recalculate features after XDP clearing, fix null-deref Recalculate features when XDP is detached. Before: # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp # ip li set dev eth0 xdp off # ethtool -k eth0 | grep gro rx-gro-hw: off [requested on] After: # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp # ip li set dev eth0 xdp off # ethtool -k eth0 | grep gro rx-gro-hw: on The fact that HW-GRO doesn't get re-enabled automatically is just a minor annoyance. The real issue is that the features will randomly come back during another reconfiguration which just happens to invoke netdev_update_features(). The driver doesn't handle reconfiguring two things at a time very robustly. Starting with commit 98ba1d931f61 ("bnxt_en: Fix RSS logic in __bnxt_reserve_rings()") we only reconfigure the RSS hash table if the "effective" number of Rx rings has changed. If HW-GRO is enabled "effective" number of rings is 2x what user sees. So if we are in the bad state, with HW-GRO re-enablement "pending" after XDP off, and we lower the rings by / 2 - the HW-GRO rings doing 2x and the ethtool -L doing / 2 may cancel each other out, and the: if (old_rx_rings != bp->hw_resc.resv_rx_rings && condition in __bnxt_reserve_rings() will be false. The RSS map won't get updated, and we'll crash with: BUG: kernel NULL pointer dereference, address: 0000000000000168 RIP: 0010:__bnxt_hwrm_vnic_set_rss+0x13a/0x1a0 bnxt_hwrm_vnic_rss_cfg_p5+0x47/0x180 __bnxt_setup_vnic_p5+0x58/0x110 bnxt_init_nic+0xb72/0xf50 __bnxt_open_nic+0x40d/0xab0 bnxt_open_nic+0x2b/0x60 ethtool_set_channels+0x18c/0x1d0 As we try to access a freed ring. The issue is present since XDP support was added, really, but prior to commit 98ba1d931f61 ("bnxt_en: Fix RSS logic in __bnxt_reserve_rings()") it wasn't causing major issues. CVE-2025-21682 SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-rt-1-1.1 SUSE Linux Micro 6.1:kernel-rt-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-25.1 SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520249-1/ https://www.suse.com/security/cve/CVE-2025-21682.html CVE-2025-21682 https://bugzilla.suse.com/1236703 SUSE Bug 1236703