SUSE-SU-2025:0556-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250556-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0556-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0556-1
Related
Published
2025-02-14T15:26:35Z
Modified
2025-05-08T17:33:20.554102Z
Upstream
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
  • CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
  • CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806).
  • CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
  • CVE-2024-57798: drm/dpmst: Ensure mstprimary pointer is valid in drmdpmsthandleup_req() (bsc#1235818).
  • CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
  • CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
  • CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
  • CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
  • CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qediallocandinitsb() (bsc#1234934).
  • CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
  • CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
  • CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
  • CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtg_check() (bsc#1235430).
  • CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fillframeinfo() (bsc#1235451).
  • CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
  • CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
  • CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
  • CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
  • CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
  • CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
  • CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123).
  • CVE-2024-53227: scsi: bfa: Fix use-after-free in bfadimmodule_exit() (bsc#1235011).
  • CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002).
  • CVE-2024-53177: smb: prevent use-after-free due to opencacheddir error paths (bsc#1234896).
  • CVE-2024-53166: block, bfq: fix bfqq uaf in bfqlimitdepth() (bsc#1234884).
  • CVE-2024-53141: netfilter: ipset: add missing range check in bitmapipuadt (bsc#1234381).
  • CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat (bsc#1234025).
  • CVE-2024-50299: sctp: properly validate chunk size in sctpsfootb() (bsc#1233488).
  • CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
  • CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
  • CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
  • CVE-2024-46858: mptcp: pm: Fix uaf in _timerdelete_sync (bsc#1231088).
  • CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736).

The following non-security bugs were fixed:

  • NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
  • NFS: Do not flush the readdir cache in nfsdentryiput() (bsc#1231847).
  • NFS: Improve heuristic for readdirplus (bsc#1231847).
  • NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
  • VFS: use systemunboundwq for delayed_mntput (bsc#1234683).
  • ceph: improve error handling and short/overflow-read logic in _cephsync_read() (bsc#1228592).
  • ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
  • netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).
  • powerpc/pseries/vas: Add close() callback in vasvmops struct (bsc#1234825).
  • tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
  • x86/static-call: Remove earlybootirqs_disabled check to fix Xen PVH dom0 (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Micro 5.5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.85.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150500.13.85.1",
            "kernel-rt": "5.14.21-150500.13.85.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.13.85.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150500.13.85.1",
            "kernel-rt": "5.14.21-150500.13.85.1"
        }
    ]
}