{"affected":[{"ecosystem_specific":{"binaries":[{"kgraft-patch-4_12_14-122_231-default":"18-4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Live Patching 12 SP5","name":"kgraft-patch-SLE12-SP5_Update_61","purl":"pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_61&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18-4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for the SUSE Linux Enterprise kernel 4.12.14-122.231 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).\n- CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1232818).\n- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).\n- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238324).\n- CVE-2022-49179: block, bfq: don't move oom_bfqq (bsc#1241331).\n- CVE-2022-49465: blk-throttle: set BIO_THROTTLED when bio has been throttled (bsc#1238920).\n- CVE-2022-49545: ALSA: usb-audio: cancel pending work at closing a MIDI substream (bsc#1238730).\n- CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788).\n- CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238790).\n- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).\n- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250302).\n- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230998).\n- CVE-2024-46818: drm/amd/display: check gpio_id before used as array index (bsc#1231204).\n- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676).\n- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231993).\n- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943).\n- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862).\n- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1233019).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).\n- CVE-2024-50154: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink() (bsc#1233072).\n- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).\n- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).\n- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).\n- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).\n- CVE-2024-53146: NFSD: prevent a potential integer overflow (bsc#1234854).\n- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234847).\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).\n- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234892).\n- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235005).\n- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235218).\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).\n- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).\n- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250).\n- CVE-2024-57893: ALSA: seq: oss: fix races at processing SysEx messages (bsc#1235921).\n- CVE-2024-57996: net_sched: sch_sfq: don't allow 1 packet limit (bsc#1239077).\n- CVE-2024-8805: BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability (bsc#1240840).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).\n- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238912).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).\n- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n- CVE-2025-38177: kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).\n- CVE-2025-38181: calipso: fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246001).\n- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).\n- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n\nThe following non security issues were fixed:\n\n- Add the git commit and branch to the package description (bsc#920633)\n- Fix description in rpm spec file Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. (bsc#930408)\n- Mark the module as supported (bsc#904970)\n- Provide common kallsyms wrapper API With bsc#1103203, the need for disambiguating between a multiply defined symbol arose. This is something the kallsyms_lookup_name() based code snippet we used to copy&paste to every individual CVE fix can't handle. Implement a proper wrapper API for doing the kallsyms lookups.\n- Require exact kernel version in the patch (bsc#920615)\n- Revert 'Require exact kernel version in the patch' This needs to be done differently, so that modprobe --force works as expected. (bsc#920615) This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a.\n- Set immediate flag for the initial patch Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates. (bsc#907150)\n- The stubs' signatures have changed: each argument used to get mapped to either long or long long, but on x86_64, the stubs are now receiving a single struct pt_regs only -- it's their responsibility to extract the arguments as appropriate. In order to not require each and every live patch touching syscalls to include an insane amount of ifdeffery, provide a set of #defines hiding it: 1.) KLP_SYSCALL_SYM(name) expands to the syscall stub name for 64 bits as defined by _SYSCALL_DEFINEx(x, _name, ...). 2.) If the architeture requires 32bit specific stubs for syscalls sharing a common implementation between 32 and 64bits, the KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS macro is defined. 3.) If KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS is defined, then KLP_SYSCALL_COMPAT_STUB_SYM(name) expands to the syscall stub name for 32 bits as defined by _SYSCALL_DEFINEx(x, _name, ...). 4.) For syscalls not sharing a common implementation between 32 and 64 bits, i.e. those defined by COMPAT_SYSCALL_DEFINEx(), the macro KLP_COMPAT_SYSCALL_SYM(name) expands to the stub name defined as defined by COMPAT_SYSCALL_DEFINEx(x, _name, ...). 5.) Finally, for hiding differences between the signatures, provide the macro KLP_SYSCALL_DECLx(x, sym, ...) which expands to a declaration of sym, with the x arguments either mapped to long resp. long long each, or collapsed to a single struct pt_regs argument as appropriate for the architecture. Note that these macros are defined as appropriate on kernels before and after 4.17, so that live patch code can be shared. (bsc#1149841)\n- bsc#1249208: fix livepatching target module name (bsc#1252946)\n- uname_patch: convert to the syscall stub wrapper macros from klp_syscalls.h In order to make the live patch to the newuname() syscall work on kernels >= 4.17 again, convert it to the KLP_SYSCALL_*() wrapper macros provided by klp_syscalls.h. (bsc#1149841)\n","id":"SUSE-SU-2025:4123-1","modified":"2025-11-18T02:04:00Z","published":"2025-11-18T02:04:00Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254123-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103203"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149841"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230998"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231204"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231676"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231862"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231943"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231993"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232637"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232818"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232929"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233019"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233072"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233679"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233680"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233708"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233712"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234847"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234854"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234892"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235005"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235062"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235218"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235231"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235250"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235431"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235921"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236783"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237930"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238324"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238730"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238788"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238790"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238912"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238920"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239077"},{"type":"REPORT","url":"https://bugzilla.suse.com/1240744"},{"type":"REPORT","url":"https://bugzilla.suse.com/1240840"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241331"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243650"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245218"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245350"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245775"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245776"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245793"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245794"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245797"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246001"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246030"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246356"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247315"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247350"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247351"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247499"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248673"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248749"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249207"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249208"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249847"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250302"},{"type":"REPORT","url":"https://bugzilla.suse.com/1252946"},{"type":"REPORT","url":"https://bugzilla.suse.com/904970"},{"type":"REPORT","url":"https://bugzilla.suse.com/907150"},{"type":"REPORT","url":"https://bugzilla.suse.com/920615"},{"type":"REPORT","url":"https://bugzilla.suse.com/920633"},{"type":"REPORT","url":"https://bugzilla.suse.com/930408"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-48956"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-49014"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-49053"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-49080"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-49179"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-49465"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-49545"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-49563"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-49564"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-50252"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-50386"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45016"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-46818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47674"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47684"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47706"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-49860"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50115"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50125"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50264"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50279"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50301"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50302"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53146"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53168"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53173"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53214"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-56600"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-56601"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-56605"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-56650"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-56664"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-57893"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-57996"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-8805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21702"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21772"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21791"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21971"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-37752"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-37797"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38000"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38079"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38083"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38177"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38212"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38477"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38494"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38495"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38498"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38499"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38618"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38644"}],"related":["CVE-2022-48956","CVE-2022-49014","CVE-2022-49053","CVE-2022-49080","CVE-2022-49179","CVE-2022-49465","CVE-2022-49545","CVE-2022-49563","CVE-2022-49564","CVE-2022-50252","CVE-2022-50386","CVE-2024-45016","CVE-2024-46818","CVE-2024-47674","CVE-2024-47684","CVE-2024-47706","CVE-2024-49860","CVE-2024-50115","CVE-2024-50125","CVE-2024-50154","CVE-2024-50264","CVE-2024-50279","CVE-2024-50301","CVE-2024-50302","CVE-2024-53104","CVE-2024-53146","CVE-2024-53156","CVE-2024-53168","CVE-2024-53173","CVE-2024-53214","CVE-2024-56600","CVE-2024-56601","CVE-2024-56605","CVE-2024-56650","CVE-2024-56664","CVE-2024-57893","CVE-2024-57996","CVE-2024-8805","CVE-2025-21702","CVE-2025-21772","CVE-2025-21791","CVE-2025-21971","CVE-2025-37752","CVE-2025-37797","CVE-2025-38000","CVE-2025-38079","CVE-2025-38083","CVE-2025-38177","CVE-2025-38181","CVE-2025-38212","CVE-2025-38477","CVE-2025-38494","CVE-2025-38495","CVE-2025-38498","CVE-2025-38499","CVE-2025-38617","CVE-2025-38618","CVE-2025-38644"],"summary":"Security update for the Linux Kernel (Live Patch 61 for SUSE Linux Enterprise 12 SP5)","upstream":["CVE-2022-48956","CVE-2022-49014","CVE-2022-49053","CVE-2022-49080","CVE-2022-49179","CVE-2022-49465","CVE-2022-49545","CVE-2022-49563","CVE-2022-49564","CVE-2022-50252","CVE-2022-50386","CVE-2024-45016","CVE-2024-46818","CVE-2024-47674","CVE-2024-47684","CVE-2024-47706","CVE-2024-49860","CVE-2024-50115","CVE-2024-50125","CVE-2024-50154","CVE-2024-50264","CVE-2024-50279","CVE-2024-50301","CVE-2024-50302","CVE-2024-53104","CVE-2024-53146","CVE-2024-53156","CVE-2024-53168","CVE-2024-53173","CVE-2024-53214","CVE-2024-56600","CVE-2024-56601","CVE-2024-56605","CVE-2024-56650","CVE-2024-56664","CVE-2024-57893","CVE-2024-57996","CVE-2024-8805","CVE-2025-21702","CVE-2025-21772","CVE-2025-21791","CVE-2025-21971","CVE-2025-37752","CVE-2025-37797","CVE-2025-38000","CVE-2025-38079","CVE-2025-38083","CVE-2025-38177","CVE-2025-38181","CVE-2025-38212","CVE-2025-38477","CVE-2025-38494","CVE-2025-38495","CVE-2025-38498","CVE-2025-38499","CVE-2025-38617","CVE-2025-38618","CVE-2025-38644"]}