Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2025:0231-1 | 
|---|---|
| Release Date: | 2025-01-24T10:10:55Z | 
| Rating: | important | 
| References: | |
| Cross-References: | |
| CVSS scores: | |
| Affected Products: | |

An update that solves 64 vulnerabilities and has 13 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- KVM: x86: fix sending PV IPI (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression. The previous fix forgot to take over grep -c option that broke the conditional expression.
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-231=1
- SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-231=1
- SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-231=1
- SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-231=1
Package List:
- SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  - kernel-rt-debuginfo-5.14.21-150400.15.106.1
  - kernel-rt-debugsource-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  - kernel-source-rt-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro 5.3 (x86_64)
  - kernel-rt-debuginfo-5.14.21-150400.15.106.1
  - kernel-rt-debugsource-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro 5.3 (noarch)
  - kernel-source-rt-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  - kernel-rt-debuginfo-5.14.21-150400.15.106.1
  - kernel-rt-debugsource-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  - kernel-source-rt-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro 5.4 (x86_64)
  - kernel-rt-debuginfo-5.14.21-150400.15.106.1
  - kernel-rt-debugsource-5.14.21-150400.15.106.1
- SUSE Linux Enterprise Micro 5.4 (noarch)
  - kernel-source-rt-5.14.21-150400.15.106.1
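
To confirm that the update took effect, including the reboot this advisory requires, the following added example (not part of the advisory and not SUSE tooling) compares the installed and running kernel-rt versions against the fixed build from the Package List. The `uname -r` format and the use of `sort -V` in place of rpm's own version comparison are assumptions, and the sample hosts are constructed.

```shell
#!/usr/bin/env bash
# Added example, not SUSE tooling: classify a host against SUSE-SU-2025:0231-1.
FIXED_VERSION="5.14.21-150400.15.106.1"   # kernel-rt build from the Package List

# ver_ge A B: succeeds when A >= B. Uses GNU `sort -V`, an approximation of
# rpm's version ordering that is adequate for these all-numeric strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# kernel_fix_state INSTALLED RUNNING
#   INSTALLED: whitespace-separated VERSION-RELEASE of every installed kernel-rt
#   RUNNING:   output of `uname -r` (only meaningful on a kernel-rt host)
# Prints: patched | reboot-pending | vulnerable
kernel_fix_state() {
    have_fix=no
    for v in $1; do
        if ver_ge "$v" "$FIXED_VERSION"; then have_fix=yes; fi
    done
    # Assumption: uname -r is the package version without the final rebuild
    # counter, plus a "-rt" flavor suffix (e.g. 5.14.21-150400.15.106-rt).
    running="${2%-rt}"
    if ver_ge "$running" "${FIXED_VERSION%.*}"; then
        echo patched
    elif [ "$have_fix" = yes ]; then
        echo reboot-pending      # fix is on disk, old kernel still executing
    else
        echo vulnerable
    fi
}

# Constructed sample hosts (not real inventory data).
kernel_fix_state "5.14.21-150400.15.97.1" "5.14.21-150400.15.97-rt"
kernel_fix_state "5.14.21-150400.15.97.1 5.14.21-150400.15.106.1" "5.14.21-150400.15.97-rt"
kernel_fix_state "5.14.21-150400.15.106.1" "5.14.21-150400.15.106-rt"

# On a real host, pass --live to query rpm and the running kernel.
if [ "${1:-}" = "--live" ]; then
    kernel_fix_state "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt)" "$(uname -r)"
fi
```

A `reboot-pending` result means the patched package is installed but the host is still executing the old kernel, so the fixes listed above are not yet active.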
 
References:
- https://www.suse.com/security/cve/CVE-2020-36788.html
- https://www.suse.com/security/cve/CVE-2021-4148.html
- https://www.suse.com/security/cve/CVE-2021-42327.html
- https://www.suse.com/security/cve/CVE-2021-47202.html
- https://www.suse.com/security/cve/CVE-2021-47365.html
- https://www.suse.com/security/cve/CVE-2021-47489.html
- https://www.suse.com/security/cve/CVE-2021-47491.html
- https://www.suse.com/security/cve/CVE-2021-47492.html
- https://www.suse.com/security/cve/CVE-2022-48632.html
- https://www.suse.com/security/cve/CVE-2022-48634.html
- https://www.suse.com/security/cve/CVE-2022-48636.html
- https://www.suse.com/security/cve/CVE-2022-48652.html
- https://www.suse.com/security/cve/CVE-2022-48671.html
- https://www.suse.com/security/cve/CVE-2022-48672.html
- https://www.suse.com/security/cve/CVE-2022-48673.html
- https://www.suse.com/security/cve/CVE-2022-48675.html
- https://www.suse.com/security/cve/CVE-2022-48686.html
- https://www.suse.com/security/cve/CVE-2022-48687.html
- https://www.suse.com/security/cve/CVE-2022-48688.html
- https://www.suse.com/security/cve/CVE-2022-48692.html
- https://www.suse.com/security/cve/CVE-2022-48693.html
- https://www.suse.com/security/cve/CVE-2022-48694.html
- https://www.suse.com/security/cve/CVE-2022-48695.html
- https://www.suse.com/security/cve/CVE-2022-48697.html
- https://www.suse.com/security/cve/CVE-2022-48699.html
- https://www.suse.com/security/cve/CVE-2022-48700.html
- https://www.suse.com/security/cve/CVE-2022-48701.html
- https://www.suse.com/security/cve/CVE-2022-48702.html
- https://www.suse.com/security/cve/CVE-2022-48703.html
- https://www.suse.com/security/cve/CVE-2022-48704.html
- https://www.suse.com/security/cve/CVE-2022-49035.html
- https://www.suse.com/security/cve/CVE-2023-0160.html
- https://www.suse.com/security/cve/CVE-2023-2860.html
- https://www.suse.com/security/cve/CVE-2023-47233.html
- https://www.suse.com/security/cve/CVE-2023-52591.html
- https://www.suse.com/security/cve/CVE-2023-52654.html
- https://www.suse.com/security/cve/CVE-2023-52655.html
- https://www.suse.com/security/cve/CVE-2023-52676.html
- https://www.suse.com/security/cve/CVE-2023-6531.html
- https://www.suse.com/security/cve/CVE-2024-26764.html
- https://www.suse.com/security/cve/CVE-2024-35811.html
- https://www.suse.com/security/cve/CVE-2024-35815.html
- https://www.suse.com/security/cve/CVE-2024-35895.html
- https://www.suse.com/security/cve/CVE-2024-35914.html
- https://www.suse.com/security/cve/CVE-2024-50154.html
- https://www.suse.com/security/cve/CVE-2024-53095.html
- https://www.suse.com/security/cve/CVE-2024-53142.html
- https://www.suse.com/security/cve/CVE-2024-53146.html
- https://www.suse.com/security/cve/CVE-2024-53156.html
- https://www.suse.com/security/cve/CVE-2024-53173.html
- https://www.suse.com/security/cve/CVE-2024-53179.html
- https://www.suse.com/security/cve/CVE-2024-53206.html
- https://www.suse.com/security/cve/CVE-2024-53214.html
- https://www.suse.com/security/cve/CVE-2024-53239.html
- https://www.suse.com/security/cve/CVE-2024-53240.html
- https://www.suse.com/security/cve/CVE-2024-53241.html
- https://www.suse.com/security/cve/CVE-2024-56539.html
- https://www.suse.com/security/cve/CVE-2024-56548.html
- https://www.suse.com/security/cve/CVE-2024-56570.html
- https://www.suse.com/security/cve/CVE-2024-56598.html
- https://www.suse.com/security/cve/CVE-2024-56604.html
- https://www.suse.com/security/cve/CVE-2024-56605.html
- https://www.suse.com/security/cve/CVE-2024-56619.html
- https://www.suse.com/security/cve/CVE-2024-8805.html
- https://bugzilla.suse.com/show_bug.cgi?id=1170891
- https://bugzilla.suse.com/show_bug.cgi?id=1173139
- https://bugzilla.suse.com/show_bug.cgi?id=1185010
- https://bugzilla.suse.com/show_bug.cgi?id=1189998
- https://bugzilla.suse.com/show_bug.cgi?id=1190358
- https://bugzilla.suse.com/show_bug.cgi?id=1190428
- https://bugzilla.suse.com/show_bug.cgi?id=1191949
- https://bugzilla.suse.com/show_bug.cgi?id=1193983
- https://bugzilla.suse.com/show_bug.cgi?id=1196869
- https://bugzilla.suse.com/show_bug.cgi?id=1200313
- https://bugzilla.suse.com/show_bug.cgi?id=1201308
- https://bugzilla.suse.com/show_bug.cgi?id=1201489
- https://bugzilla.suse.com/show_bug.cgi?id=1209657
- https://bugzilla.suse.com/show_bug.cgi?id=1209798
- https://bugzilla.suse.com/show_bug.cgi?id=1211592
- https://bugzilla.suse.com/show_bug.cgi?id=1215304
- https://bugzilla.suse.com/show_bug.cgi?id=1216702
- https://bugzilla.suse.com/show_bug.cgi?id=1217169
- https://bugzilla.suse.com/show_bug.cgi?id=1218447
- https://bugzilla.suse.com/show_bug.cgi?id=1221044
- https://bugzilla.suse.com/show_bug.cgi?id=1222721
- https://bugzilla.suse.com/show_bug.cgi?id=1222878
- https://bugzilla.suse.com/show_bug.cgi?id=1223481
- https://bugzilla.suse.com/show_bug.cgi?id=1223501
- https://bugzilla.suse.com/show_bug.cgi?id=1223512
- https://bugzilla.suse.com/show_bug.cgi?id=1223520
- https://bugzilla.suse.com/show_bug.cgi?id=1223894
- https://bugzilla.suse.com/show_bug.cgi?id=1223921
- https://bugzilla.suse.com/show_bug.cgi?id=1223922
- https://bugzilla.suse.com/show_bug.cgi?id=1223923
- https://bugzilla.suse.com/show_bug.cgi?id=1223924
- https://bugzilla.suse.com/show_bug.cgi?id=1223929
- https://bugzilla.suse.com/show_bug.cgi?id=1223931
- https://bugzilla.suse.com/show_bug.cgi?id=1223932
- https://bugzilla.suse.com/show_bug.cgi?id=1223934
- https://bugzilla.suse.com/show_bug.cgi?id=1223941
- https://bugzilla.suse.com/show_bug.cgi?id=1223948
- https://bugzilla.suse.com/show_bug.cgi?id=1223952
- https://bugzilla.suse.com/show_bug.cgi?id=1223953
- https://bugzilla.suse.com/show_bug.cgi?id=1223957
- https://bugzilla.suse.com/show_bug.cgi?id=1223962
- https://bugzilla.suse.com/show_bug.cgi?id=1223963
- https://bugzilla.suse.com/show_bug.cgi?id=1223964
- https://bugzilla.suse.com/show_bug.cgi?id=1223996
- https://bugzilla.suse.com/show_bug.cgi?id=1224099
- https://bugzilla.suse.com/show_bug.cgi?id=1224482
- https://bugzilla.suse.com/show_bug.cgi?id=1224511
- https://bugzilla.suse.com/show_bug.cgi?id=1224592
- https://bugzilla.suse.com/show_bug.cgi?id=1224685
- https://bugzilla.suse.com/show_bug.cgi?id=1224730
- https://bugzilla.suse.com/show_bug.cgi?id=1224816
- https://bugzilla.suse.com/show_bug.cgi?id=1224895
- https://bugzilla.suse.com/show_bug.cgi?id=1224898
- https://bugzilla.suse.com/show_bug.cgi?id=1224900
- https://bugzilla.suse.com/show_bug.cgi?id=1224901
- https://bugzilla.suse.com/show_bug.cgi?id=1230697
- https://bugzilla.suse.com/show_bug.cgi?id=1232436
- https://bugzilla.suse.com/show_bug.cgi?id=1233070
- https://bugzilla.suse.com/show_bug.cgi?id=1233642
- https://bugzilla.suse.com/show_bug.cgi?id=1234281
- https://bugzilla.suse.com/show_bug.cgi?id=1234282
- https://bugzilla.suse.com/show_bug.cgi?id=1234846
- https://bugzilla.suse.com/show_bug.cgi?id=1234853
- https://bugzilla.suse.com/show_bug.cgi?id=1234891
- https://bugzilla.suse.com/show_bug.cgi?id=1234921
- https://bugzilla.suse.com/show_bug.cgi?id=1234960
- https://bugzilla.suse.com/show_bug.cgi?id=1234963
- https://bugzilla.suse.com/show_bug.cgi?id=1235004
- https://bugzilla.suse.com/show_bug.cgi?id=1235035
- https://bugzilla.suse.com/show_bug.cgi?id=1235054
- https://bugzilla.suse.com/show_bug.cgi?id=1235056
- https://bugzilla.suse.com/show_bug.cgi?id=1235061
- https://bugzilla.suse.com/show_bug.cgi?id=1235073
- https://bugzilla.suse.com/show_bug.cgi?id=1235220
- https://bugzilla.suse.com/show_bug.cgi?id=1235224
- https://bugzilla.suse.com/show_bug.cgi?id=1235246
- https://bugzilla.suse.com/show_bug.cgi?id=1235507
