Security update for qatengine, qatlib SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4053-1 Final 1 1 2025-11-11T13:46:58Z current 2025-11-11T13:46:58Z 2025-11-11T13:46:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qatengine, qatlib This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * CVE-2024-28885: Fixed observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. (bsc#1233363) * CVE-2024-31074: Fixed observable timing discrepancy may allow information disclosure via network access (bsc#1233365) * CVE-2024-33617: Fixed insufficient control flow management may allow information disclosure via network access (bsc#1233366) qatengine was updated to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibility issues * Optimize hex dump logging * Clear job tlv on error * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * Enable qaeMemFreeNonZeroNUMA() for qatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 - update to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues - version update to 24.02.0 * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4053,SUSE-SLE-Module-Basesystem-15-SP6-2025-4053,openSUSE-SLE-15.6-2025-4053 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254053-1/ Link for SUSE-SU-2025:4053-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023250.html E-Mail link for SUSE-SU-2025:4053-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233363 SUSE Bug 1233363 https://bugzilla.suse.com/1233365 SUSE Bug 1233365 https://bugzilla.suse.com/1233366 SUSE Bug 1233366 https://www.suse.com/security/cve/CVE-2024-28885/ SUSE CVE CVE-2024-28885 page https://www.suse.com/security/cve/CVE-2024-31074/ SUSE CVE CVE-2024-31074 page https://www.suse.com/security/cve/CVE-2024-33617/ SUSE CVE CVE-2024-33617 page SUSE Linux Enterprise Module for Basesystem 15 SP6 openSUSE Leap 15.6 libqat4-24.09.0-150600.3.3.1 libusdm0-24.09.0-150600.3.3.1 qatengine-1.7.0-150600.3.3.1 qatlib-24.09.0-150600.3.3.1 qatlib-devel-24.09.0-150600.3.3.1 libqat4-24.09.0-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libusdm0-24.09.0-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 qatengine-1.7.0-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 qatlib-24.09.0-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 qatlib-devel-24.09.0-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libqat4-24.09.0-150600.3.3.1 as a component of openSUSE Leap 15.6 libusdm0-24.09.0-150600.3.3.1 as a component of openSUSE Leap 15.6 qatengine-1.7.0-150600.3.3.1 as a component of openSUSE Leap 15.6 qatlib-24.09.0-150600.3.3.1 as a component of openSUSE Leap 15.6 qatlib-devel-24.09.0-150600.3.3.1 as a component of openSUSE Leap 15.6 Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. CVE-2024-28885 SUSE Linux Enterprise Module for Basesystem 15 SP6:libqat4-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libusdm0-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatengine-1.7.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatlib-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatlib-devel-24.09.0-150600.3.3.1 openSUSE Leap 15.6:libqat4-24.09.0-150600.3.3.1 openSUSE Leap 15.6:libusdm0-24.09.0-150600.3.3.1 openSUSE Leap 15.6:qatengine-1.7.0-150600.3.3.1 openSUSE Leap 15.6:qatlib-24.09.0-150600.3.3.1 openSUSE Leap 15.6:qatlib-devel-24.09.0-150600.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254053-1/ https://www.suse.com/security/cve/CVE-2024-28885.html CVE-2024-28885 https://bugzilla.suse.com/1233363 SUSE Bug 1233363 Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. CVE-2024-31074 SUSE Linux Enterprise Module for Basesystem 15 SP6:libqat4-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libusdm0-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatengine-1.7.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatlib-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatlib-devel-24.09.0-150600.3.3.1 openSUSE Leap 15.6:libqat4-24.09.0-150600.3.3.1 openSUSE Leap 15.6:libusdm0-24.09.0-150600.3.3.1 openSUSE Leap 15.6:qatengine-1.7.0-150600.3.3.1 openSUSE Leap 15.6:qatlib-24.09.0-150600.3.3.1 openSUSE Leap 15.6:qatlib-devel-24.09.0-150600.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254053-1/ https://www.suse.com/security/cve/CVE-2024-31074.html CVE-2024-31074 https://bugzilla.suse.com/1233365 SUSE Bug 1233365 Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. CVE-2024-33617 SUSE Linux Enterprise Module for Basesystem 15 SP6:libqat4-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libusdm0-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatengine-1.7.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatlib-24.09.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:qatlib-devel-24.09.0-150600.3.3.1 openSUSE Leap 15.6:libqat4-24.09.0-150600.3.3.1 openSUSE Leap 15.6:libusdm0-24.09.0-150600.3.3.1 openSUSE Leap 15.6:qatengine-1.7.0-150600.3.3.1 openSUSE Leap 15.6:qatlib-24.09.0-150600.3.3.1 openSUSE Leap 15.6:qatlib-devel-24.09.0-150600.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254053-1/ https://www.suse.com/security/cve/CVE-2024-33617.html CVE-2024-33617 https://bugzilla.suse.com/1233366 SUSE Bug 1233366