SUSE-SU-2025:0231-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250231-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0231-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0231-1
Related
Published
2025-01-24T10:10:55Z
Modified
2025-05-02T04:30:56.137645Z
Upstream
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
  • CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
  • CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice() (bsc#1234846).
  • CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
  • CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
  • CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
  • CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
  • CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
  • CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
  • CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiexconfigscan() (bsc#1234963).
  • CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
  • CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
  • CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
  • CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc() (bsc#1235056).
  • CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate() (bsc#1235061).
  • CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfsfindentry() (bsc#1235224).
  • CVE-2024-8805: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE (bsc#1230697).

The following non-security bugs were fixed:

  • KVM: x86: fix sending PV IPI (git-fixes).
  • idpf: add support for SW triggered interrupts (bsc#1235507).
  • idpf: enable WBONITR (bsc#1235507).
  • idpf: trigger SW interrupt when exiting wbonitr mode (bsc#1235507).
  • kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
  • kernel/fork: beware of _puttaskstruct() calling context (bsc#1189998 (PREEMPTRT prerequisite backports)).
  • net: mana: Increase the DEFRXBUFFERSPERQUEUE to 1024 (bsc#1235246).
  • rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
  • scsi: storvsc: Do not flag MAINTENANCEIN return of SRBSTATUSDATAOVERRUN as an error (git-fixes).
  • smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
  • usb: roles: Call trymoduleget() from usbroleswitchfindby_fwnode() (git-fixes).
  • usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
  • x86/bug: Merge annotatereachable() into _BUGFLAGS() asm (git-fixes).
  • x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
  • x86/fpu/xstate: Fix the ARCHREQXCOMP_PERM implementation (git-fixes).
  • x86/fpu: Remove unused supervisor only offsets (git-fixes).
  • x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
  • x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
  • x86/mce: Allow instrumentation during task work queueing (git-fixes).
  • x86/mce: Mark mce_end() noinstr (git-fixes).
  • x86/mce: Mark mce_panic() noinstr (git-fixes).
  • x86/mce: Mark mcereadaux() noinstr (git-fixes).
  • x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
  • x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
  • x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
  • x86/uaccess: Move variable into switch case statement (git-fixes).
  • x86: Annotate callonstack() (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.106.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.106.1",
            "kernel-rt": "5.14.21-150400.15.106.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.106.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.106.1",
            "kernel-rt": "5.14.21-150400.15.106.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.106.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.106.1",
            "kernel-rt": "5.14.21-150400.15.106.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.106.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.106.1",
            "kernel-rt": "5.14.21-150400.15.106.1"
        }
    ]
}