SUSE-SU-2025:0236-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250236-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0236-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0236-1
Related
Published
2025-01-24T17:02:35Z
Modified
2025-01-24T17:02:35Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-48742: rtnetlink: make sure to refresh masterdev/mops in _rtnlnewlink() (bsc#1226694).
  • CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfsqgroupinherit() (bsc#1232045).
  • CVE-2022-49035: media: s5pcec: limit msg.len to CECMAXMSGSIZE (bsc#1215304).
  • CVE-2023-52434: Fixed potential OOBs in smb2parsecontexts() (bsc#1220148).
  • CVE-2023-52922: can: bcm: Fix UAF in bcmprocshow() (bsc#1233977).
  • CVE-2024-26976: KVM: Always flush async #PF workqueue when vCPU is being destroyed (bsc#1223635).
  • CVE-2024-35847: irqchip/gic-v3-its: Prevent double free on error (bsc#1224697).
  • CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
  • CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
  • CVE-2024-38589: netrom: fix possible dead-lock in nrrtioctl() (bsc#1226748).
  • CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
  • CVE-2024-47141: pinmux: Use sequential access to access desc->pinmux data (bsc#1235708).
  • CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453).
  • CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
  • CVE-2024-49944: sctp: set skstate back to CLOSED if autobind fails in sctplisten_start (bsc#1232166).
  • CVE-2024-50039: kABI: Restore deleted EXPORTSYMBOL(qdisccalculatepktlen) (bsc#1231909).
  • CVE-2024-50143: udf: fix uninit-value use in udfgetfileshortad (bsc#1233038).
  • CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
  • CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
  • CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
  • CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).
  • CVE-2024-50256: netfilter: nfrejectipv6: fix potential crash in nfsendreset6() (bsc#1233200).
  • CVE-2024-50262: bpf: Fix out-of-bounds write in triegetnext_key() (bsc#1233239).
  • CVE-2024-50287: media: v4l2-tpg: prevent the risk of a division by zero (bsc#1233476).
  • CVE-2024-50299: sctp: properly validate chunk size in sctpsfootb() (bsc#1233488).
  • CVE-2024-53057: net/sched: stop qdisctreereducebacklog on TCH_ROOT (bsc#1233551).
  • CVE-2024-53101: fs: Fix uninitialized value issue in fromkuid and fromkgid (bsc#1233769).
  • CVE-2024-53141: netfilter: ipset: add missing range check in bitmapipuadt (bsc#1234381).
  • CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
  • CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).
  • CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice() (bsc#1234846).
  • CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).
  • CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898).
  • CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
  • CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
  • CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbusdevprobe() (bsc#1234923).
  • CVE-2024-53210: s390/iucv: MSGPEEK causes memory leak in iucvsock_destruct() (bsc#1234971).
  • CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
  • CVE-2024-53224: RDMA/mlx5: Cancel pkey work before destroying device resources (bsc#1235009).
  • CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
  • CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
  • CVE-2024-56531: ALSA: caiaq: Use sndcardfreewhenclosed() at disconnection (bsc#1235057).
  • CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
  • CVE-2024-56551: drm/amdgpu: fix usage slab after free (bsc#1235075).
  • CVE-2024-56569: ftrace: Fix regression with module command in stacktracefilter (bsc#1235031).
  • CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
  • CVE-2024-56587: leds: class: Protect brightnessshow() with ledcdev->led_access mutex (bsc#1235125).
  • CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138).
  • CVE-2024-56603: net: afcan: do not leave a dangling sk pointer in cancreate() (bsc#1235415).
  • CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc() (bsc#1235056).
  • CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate() (bsc#1235061).
  • CVE-2024-56616: drm/dp_mst: Fix MST sideband message body length check (bsc#1235427).
  • CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
  • CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
  • CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
  • CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
  • CVE-2024-56724: mfd: intelsocpmic_bxtwc: Use IRQ domain for TMU device (bsc#1235577).
  • CVE-2024-56756: nvme-pci: fix freeing of the HMB descriptor table (bsc#1234922).
  • CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
  • CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
  • CVE-2024-57887: drm: adv7511: Fix use-after-free in adv7533attachdsi() (bsc#1235952).
  • CVE-2024-57888: workqueue: Do not warn when cancelling WQMEMRECLAIM work from !WQMEMRECLAIM worker (bsc#1235416 bsc#1235918).
  • CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964).
  • CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).

The following non-security bugs were fixed:

  • SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924).
  • SUNRPC: fix use-after-free in rpcfreeclient_work() (bsc#1168202 bsc#1188924).
  • cifs: fix calc signature on big endian systems (bsc#1235888, bsc#1234921).
  • memcg: reduce memcg tree traversals for stats collection (bsc#1231877).
  • mm: memory.stat allow preemption (bsc#1231877).
  • net: marvell: mvpp2: phylink requires the link interrupt (bsc#1117016).
  • smb: client: fix parsing of SMB3.1.1 POSIX create context (git-fixes).
  • tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
  • udf: Handle error when adding extent to a file (bsc#1234437).
  • udf: refactor udfcurrentaext() to handle error (bsc#1234240).
  • udf: refactor udfnextaext() to handle error (bsc#1234241).
  • workqueue: skip lockdep wq dependency in cancelworksync() (bsc#1235918).
References

Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.244.1

Ecosystem specific 

{
    "binaries": [
        {}
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.244.1

Ecosystem specific 

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_244-default": "1-8.5.1",
            "kernel-default-kgraft": "4.12.14-122.244.1",
            "kernel-default-kgraft-devel": "4.12.14-122.244.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_64

Package

Name
kgraft-patch-SLE12-SP5_Update_64
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_64&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-8.5.1

Ecosystem specific 

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_244-default": "1-8.5.1",
            "kernel-default-kgraft": "4.12.14-122.244.1",
            "kernel-default-kgraft-devel": "4.12.14-122.244.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.244.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.244.1",
            "kernel-devel": "4.12.14-122.244.1",
            "kernel-default-base": "4.12.14-122.244.1",
            "kernel-macros": "4.12.14-122.244.1",
            "kernel-default-man": "4.12.14-122.244.1",
            "kernel-source": "4.12.14-122.244.1",
            "cluster-md-kmp-default": "4.12.14-122.244.1",
            "kernel-default": "4.12.14-122.244.1",
            "gfs2-kmp-default": "4.12.14-122.244.1",
            "kernel-syms": "4.12.14-122.244.1",
            "kernel-default-devel": "4.12.14-122.244.1",
            "ocfs2-kmp-default": "4.12.14-122.244.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.244.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.244.1",
            "kernel-devel": "4.12.14-122.244.1",
            "kernel-default-base": "4.12.14-122.244.1",
            "kernel-macros": "4.12.14-122.244.1",
            "kernel-default-man": "4.12.14-122.244.1",
            "kernel-source": "4.12.14-122.244.1",
            "cluster-md-kmp-default": "4.12.14-122.244.1",
            "kernel-default": "4.12.14-122.244.1",
            "gfs2-kmp-default": "4.12.14-122.244.1",
            "kernel-syms": "4.12.14-122.244.1",
            "kernel-default-devel": "4.12.14-122.244.1",
            "ocfs2-kmp-default": "4.12.14-122.244.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.244.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.244.1",
            "kernel-devel": "4.12.14-122.244.1",
            "kernel-default-base": "4.12.14-122.244.1",
            "kernel-macros": "4.12.14-122.244.1",
            "kernel-default-man": "4.12.14-122.244.1",
            "kernel-source": "4.12.14-122.244.1",
            "cluster-md-kmp-default": "4.12.14-122.244.1",
            "kernel-default": "4.12.14-122.244.1",
            "gfs2-kmp-default": "4.12.14-122.244.1",
            "kernel-syms": "4.12.14-122.244.1",
            "kernel-default-devel": "4.12.14-122.244.1",
            "ocfs2-kmp-default": "4.12.14-122.244.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.244.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.244.1",
            "kernel-devel": "4.12.14-122.244.1",
            "kernel-default-base": "4.12.14-122.244.1",
            "kernel-macros": "4.12.14-122.244.1",
            "kernel-source": "4.12.14-122.244.1",
            "cluster-md-kmp-default": "4.12.14-122.244.1",
            "kernel-default": "4.12.14-122.244.1",
            "gfs2-kmp-default": "4.12.14-122.244.1",
            "kernel-syms": "4.12.14-122.244.1",
            "kernel-default-devel": "4.12.14-122.244.1",
            "ocfs2-kmp-default": "4.12.14-122.244.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.244.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.244.1",
            "kernel-devel": "4.12.14-122.244.1",
            "kernel-default-base": "4.12.14-122.244.1",
            "kernel-macros": "4.12.14-122.244.1",
            "kernel-source": "4.12.14-122.244.1",
            "cluster-md-kmp-default": "4.12.14-122.244.1",
            "kernel-default": "4.12.14-122.244.1",
            "gfs2-kmp-default": "4.12.14-122.244.1",
            "kernel-syms": "4.12.14-122.244.1",
            "kernel-default-devel": "4.12.14-122.244.1",
            "ocfs2-kmp-default": "4.12.14-122.244.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.244.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.244.1",
            "kernel-devel": "4.12.14-122.244.1",
            "kernel-default-base": "4.12.14-122.244.1",
            "kernel-macros": "4.12.14-122.244.1",
            "kernel-source": "4.12.14-122.244.1",
            "cluster-md-kmp-default": "4.12.14-122.244.1",
            "kernel-default": "4.12.14-122.244.1",
            "gfs2-kmp-default": "4.12.14-122.244.1",
            "kernel-syms": "4.12.14-122.244.1",
            "kernel-default-devel": "4.12.14-122.244.1",
            "ocfs2-kmp-default": "4.12.14-122.244.1"
        }
    ]
}