SUSE-SU-2025:0565-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250565-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0565-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0565-1
Published
2025-02-17T13:28:23Z
Modified
2025-02-17T13:28:23Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2021-47222: net: bridge: fix vlan tunnel dst refcnt when egressing (bsc#1224857).
  • CVE-2021-47223: net: bridge: fix vlan tunnel dst null pointer dereference (bsc#1224856).
  • CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1222072).
  • CVE-2024-47809: dlm: fix possible lkb_resource null dereference (bsc#1235714).
  • CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727).
  • CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161).
  • CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
  • CVE-2024-52332: igb: Fix potential invalid memory access in igb_init_module() (bsc#1235700).
  • CVE-2024-53155: ocfs2: fix uninitialized value in ocfs2_file_read_iter() (bsc#1234855).
  • CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901).
  • CVE-2024-53197: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (bsc#1235464).
  • CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011).
  • CVE-2024-55916: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (bsc#1235747).
  • CVE-2024-56369: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (bsc#1235750).
  • CVE-2024-56532: ALSA: us122l: Use snd_card_free_when_closed() at disconnection (bsc#1235059).
  • CVE-2024-56533: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (bsc#1235053).
  • CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
  • CVE-2024-56574: media: ts2020: fix null-ptr-deref in ts2020_probe() (bsc#1235040).
  • CVE-2024-56593: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (bsc#1235252).
  • CVE-2024-56594: drm/amdgpu: set the right AMDGPU sg segment limitation (bsc#1235413).
  • CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
  • CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
  • CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426).
  • CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
  • CVE-2024-56630: ocfs2: free inode when ocfs2_get_init_inode() fails (bsc#1235479).
  • CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523).
  • CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526).
  • CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132).
  • CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
  • CVE-2024-56662: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (bsc#1235533).
  • CVE-2024-56681: crypto: bcm - add error check in the ahash_hmac_init function (bsc#1235557).
  • CVE-2024-56700: media: wl128x: Fix atomicity violation in fmc_send_cmd() (bsc#1235500).
  • CVE-2024-56722: RDMA/hns: Fix cpu stuck caused by printings during reset (bsc#1235570).
  • CVE-2024-56739: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (bsc#1235611).
  • CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934).
  • CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627).
  • CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
  • CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638).
  • CVE-2024-56769: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (bsc#1235155).
  • CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948).
  • CVE-2024-57890: RDMA/uverbs: Prevent integer overflow issue (bsc#1235919).
  • CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965).
  • CVE-2024-57899: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (bsc#1235924).
  • CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967).
  • CVE-2024-57922: drm/amd/display: Add check for granularity in dml ceil/floor helpers (bsc#1236080).
  • CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096).
  • CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).
  • CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190).
  • CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182).
  • CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161).
  • CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262).
  • CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
  • CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703).

The following non-security bugs were fixed:

  • ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
  • drm/modes: Switch to 64bit maths to avoid integer overflow (bsc#1235750).
  • vfio/pci: Lock external INTx masking ops (bsc#1222803).
  • btrfs: fstests btrfs/309 fails on btrfs (bsc#1221282).
Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.247.1

Ecosystem specific

{
    "binaries": [
        {}
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.247.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-122.247.1",
            "kernel-default-kgraft-devel": "4.12.14-122.247.1",
            "kgraft-patch-4_12_14-122_247-default": "1-8.3.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_65

Package

Name
kgraft-patch-SLE12-SP5_Update_65
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_65&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-8.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-122.247.1",
            "kernel-default-kgraft-devel": "4.12.14-122.247.1",
            "kgraft-patch-4_12_14-122_247-default": "1-8.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.247.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.247.1",
            "kernel-devel": "4.12.14-122.247.1",
            "kernel-default-base": "4.12.14-122.247.1",
            "kernel-macros": "4.12.14-122.247.1",
            "kernel-default-man": "4.12.14-122.247.1",
            "kernel-source": "4.12.14-122.247.1",
            "cluster-md-kmp-default": "4.12.14-122.247.1",
            "kernel-default": "4.12.14-122.247.1",
            "gfs2-kmp-default": "4.12.14-122.247.1",
            "kernel-syms": "4.12.14-122.247.1",
            "kernel-default-devel": "4.12.14-122.247.1",
            "ocfs2-kmp-default": "4.12.14-122.247.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.247.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.247.1",
            "kernel-devel": "4.12.14-122.247.1",
            "kernel-default-base": "4.12.14-122.247.1",
            "kernel-macros": "4.12.14-122.247.1",
            "kernel-default-man": "4.12.14-122.247.1",
            "kernel-source": "4.12.14-122.247.1",
            "cluster-md-kmp-default": "4.12.14-122.247.1",
            "kernel-default": "4.12.14-122.247.1",
            "gfs2-kmp-default": "4.12.14-122.247.1",
            "kernel-syms": "4.12.14-122.247.1",
            "kernel-default-devel": "4.12.14-122.247.1",
            "ocfs2-kmp-default": "4.12.14-122.247.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.247.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.247.1",
            "kernel-devel": "4.12.14-122.247.1",
            "kernel-default-base": "4.12.14-122.247.1",
            "kernel-macros": "4.12.14-122.247.1",
            "kernel-default-man": "4.12.14-122.247.1",
            "kernel-source": "4.12.14-122.247.1",
            "cluster-md-kmp-default": "4.12.14-122.247.1",
            "kernel-default": "4.12.14-122.247.1",
            "gfs2-kmp-default": "4.12.14-122.247.1",
            "kernel-syms": "4.12.14-122.247.1",
            "kernel-default-devel": "4.12.14-122.247.1",
            "ocfs2-kmp-default": "4.12.14-122.247.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.247.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.247.1",
            "kernel-devel": "4.12.14-122.247.1",
            "kernel-default-base": "4.12.14-122.247.1",
            "kernel-macros": "4.12.14-122.247.1",
            "kernel-source": "4.12.14-122.247.1",
            "cluster-md-kmp-default": "4.12.14-122.247.1",
            "kernel-default": "4.12.14-122.247.1",
            "gfs2-kmp-default": "4.12.14-122.247.1",
            "kernel-syms": "4.12.14-122.247.1",
            "kernel-default-devel": "4.12.14-122.247.1",
            "ocfs2-kmp-default": "4.12.14-122.247.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.247.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.247.1",
            "kernel-devel": "4.12.14-122.247.1",
            "kernel-default-base": "4.12.14-122.247.1",
            "kernel-macros": "4.12.14-122.247.1",
            "kernel-source": "4.12.14-122.247.1",
            "cluster-md-kmp-default": "4.12.14-122.247.1",
            "kernel-default": "4.12.14-122.247.1",
            "gfs2-kmp-default": "4.12.14-122.247.1",
            "kernel-syms": "4.12.14-122.247.1",
            "kernel-default-devel": "4.12.14-122.247.1",
            "ocfs2-kmp-default": "4.12.14-122.247.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.247.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.247.1",
            "kernel-devel": "4.12.14-122.247.1",
            "kernel-default-base": "4.12.14-122.247.1",
            "kernel-macros": "4.12.14-122.247.1",
            "kernel-source": "4.12.14-122.247.1",
            "cluster-md-kmp-default": "4.12.14-122.247.1",
            "kernel-default": "4.12.14-122.247.1",
            "gfs2-kmp-default": "4.12.14-122.247.1",
            "kernel-syms": "4.12.14-122.247.1",
            "kernel-default-devel": "4.12.14-122.247.1",
            "ocfs2-kmp-default": "4.12.14-122.247.1"
        }
    ]
}