Security update for the Linux Kernel (Live Patch 62 for SUSE Linux Enterprise 12 SP5) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4194-1 Final 1 1 2025-11-24T10:04:23Z current 2025-11-24T10:04:23Z 2025-11-24T10:04:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 62 for SUSE Linux Enterprise 12 SP5) This update for the SUSE Linux Enterprise kernel 4.12.14-122.234 fixes one security issue The following security issue was fixed: - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1245778). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4194,SUSE-SLE-Live-Patching-12-SP5-2025-4194 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254194-1/ Link for SUSE-SU-2025:4194-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023333.html E-Mail link for SUSE-SU-2025:4194-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1245778 SUSE Bug 1245778 https://www.suse.com/security/cve/CVE-2024-53141/ SUSE CVE CVE-2024-53141 page SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_234-default-19-2.1 kgraft-patch-4_12_14-122_234-default-19-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. CVE-2024-53141 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_234-default-19-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254194-1/ https://www.suse.com/security/cve/CVE-2024-53141.html CVE-2024-53141 https://bugzilla.suse.com/1234381 SUSE Bug 1234381 https://bugzilla.suse.com/1245778 SUSE Bug 1245778