SUSE-SU-2024:4388-1

Advisory lineage Upstream: 18 Downstream: 0

Upstream

CVE-2023-52524 CVE-2024-49925 CVE-2024-50089 CVE-2024-50115 CVE-2024-50125 CVE-2024-50127

Published: 19 Dec 2024, 18:32

Last modified:04 Feb 2026, 03:07

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Dec 2024, 18:32

Published

Vulnerability first disclosed

04 Feb 2026, 03:07

Last Modified

Vulnerability information updated

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070). - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479). - CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490). - CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). The following non-security bugs were fixed: - Update config files (bsc#1218644). - initramfs: avoid filename buffer overrun (bsc#1232436). - kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644). - rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)

Affected Systems

suse•kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 5.3.18-150200.24.212.1.150200.9.111.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 5.3.18-150200.24.212.1.150200.9.111.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 5.3.18-150200.24.212.1.150200.9.111.1
suse•kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP2
< 5.3.18-150200.24.212.1
suse•kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP2
< 5.3.18-150200.24.212.1
suse•kernel-default&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 5.3.18-150200.24.212.1
suse•kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-docs&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-docs&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 5.3.18-150200.24.212.1
suse•kernel-livepatch-SLE15-SP2_Update_55&distro=SUSE Linux Enterprise Live Patching 15 SP2
< 1-150200.5.3.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 5.3.18-150200.24.212.1
suse•kernel-preempt&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-preempt&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-preempt&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 5.3.18-150200.24.212.1
suse•kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-source&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 5.3.18-150200.24.212.1
suse•kernel-syms&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-syms&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 5.3.18-150200.24.212.1
suse•kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 5.3.18-150200.24.212.1

SUSE-SU-2024:4388-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (38)