SUSE-SU-2025:0556-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250556-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0556-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0556-1
Related
Published
2025-02-14T15:26:35Z
Modified
2025-02-14T15:26:35Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
  • CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
  • CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806).
  • CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
  • CVE-2024-57798: drm/dpmst: Ensure mstprimary pointer is valid in drmdpmsthandleup_req() (bsc#1235818).
  • CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
  • CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
  • CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
  • CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
  • CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qediallocandinitsb() (bsc#1234934).
  • CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
  • CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
  • CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
  • CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtg_check() (bsc#1235430).
  • CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fillframeinfo() (bsc#1235451).
  • CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
  • CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
  • CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
  • CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
  • CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
  • CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
  • CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123).
  • CVE-2024-53227: scsi: bfa: Fix use-after-free in bfadimmodule_exit() (bsc#1235011).
  • CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002).
  • CVE-2024-53177: smb: prevent use-after-free due to opencacheddir error paths (bsc#1234896).
  • CVE-2024-53166: block, bfq: fix bfqq uaf in bfqlimitdepth() (bsc#1234884).
  • CVE-2024-53141: netfilter: ipset: add missing range check in bitmapipuadt (bsc#1234381).
  • CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat (bsc#1234025).
  • CVE-2024-50299: sctp: properly validate chunk size in sctpsfootb() (bsc#1233488).
  • CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
  • CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
  • CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
  • CVE-2024-46858: mptcp: pm: Fix uaf in _timerdelete_sync (bsc#1231088).
  • CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736).

The following non-security bugs were fixed:

  • NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
  • NFS: Do not flush the readdir cache in nfsdentryiput() (bsc#1231847).
  • NFS: Improve heuristic for readdirplus (bsc#1231847).
  • NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
  • VFS: use systemunboundwq for delayed_mntput (bsc#1234683).
  • ceph: improve error handling and short/overflow-read logic in _cephsync_read() (bsc#1228592).
  • ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
  • netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).
  • powerpc/pseries/vas: Add close() callback in vasvmops struct (bsc#1234825).
  • tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
  • x86/static-call: Remove earlybootirqs_disabled check to fix Xen PVH dom0 (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Micro 5.5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.85.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150500.13.85.1",
            "kernel-rt": "5.14.21-150500.13.85.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.85.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150500.13.85.1",
            "kernel-rt": "5.14.21-150500.13.85.1"
        }
    ]
}