SUSE-SU-2025:0203-1

Advisory lineage Upstream: 23 Downstream: 0

Upstream

CVE-2021-47202 CVE-2022-49035 CVE-2024-41087 CVE-2024-50154 CVE-2024-53095 CVE-2024-53142

Published: 21 Jan 2025, 13:58

Last modified:04 Feb 2026, 03:54

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Jan 2025, 13:58

Published

Vulnerability first disclosed

04 Feb 2026, 03:54

Last Modified

Vulnerability information updated

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41087: Fix double free on error (bsc#1228466). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). - CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697). The following non-security bugs were fixed: - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) - KVM: x86: fix sending PV IPI (git-fixes). - fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge. - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642]. - supported.conf: add bsc1185010 dependency - supported.conf: hyperv_drm (jsc#sle-19733) - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes).

Affected Systems

suse•kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 5.14.21-150400.24.147.1
suse•kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-64kb&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 5.14.21-150400.24.147.1.150400.24.72.1
suse•kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 5.14.21-150400.24.147.1.150400.24.72.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Micro 5.3
< 5.14.21-150400.24.147.1.150400.24.72.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Micro 5.4
< 5.14.21-150400.24.147.1.150400.24.72.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 5.14.21-150400.24.147.1.150400.24.72.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 5.14.21-150400.24.147.1.150400.24.72.1
suse•kernel-default-base&distro=SUSE Manager Proxy 4.3
< 5.14.21-150400.24.147.1.150400.24.72.1
suse•kernel-default-base&distro=SUSE Manager Server 4.3
< 5.14.21-150400.24.147.1.150400.24.72.1
suse•kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP4
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP4
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Linux Enterprise Micro 5.3
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Linux Enterprise Micro 5.4
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Manager Proxy 4.3
< 5.14.21-150400.24.147.1
suse•kernel-default&distro=SUSE Manager Server 4.3
< 5.14.21-150400.24.147.1
suse•kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 5.14.21-150400.24.147.1
suse•kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-docs&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-docs&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 5.14.21-150400.24.147.1
suse•kernel-livepatch-SLE15-SP4_Update_35&distro=SUSE Linux Enterprise Live Patching 15 SP4
< 1-150400.9.3.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 5.14.21-150400.24.147.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 5.14.21-150400.24.147.1
suse•kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 5.14.21-150400.24.147.1
suse•kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-source&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 5.14.21-150400.24.147.1
suse•kernel-source&distro=SUSE Manager Proxy 4.3
< 5.14.21-150400.24.147.1
suse•kernel-source&distro=SUSE Manager Server 4.3
< 5.14.21-150400.24.147.1
suse•kernel-syms&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 5.14.21-150400.24.147.1
suse•kernel-syms&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-syms&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 5.14.21-150400.24.147.1
suse•kernel-syms&distro=SUSE Manager Proxy 4.3
< 5.14.21-150400.24.147.1
suse•kernel-syms&distro=SUSE Manager Server 4.3
< 5.14.21-150400.24.147.1
suse•kernel-zfcpdump&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 5.14.21-150400.24.147.1
suse•kernel-zfcpdump&distro=SUSE Manager Server 4.3
< 5.14.21-150400.24.147.1

SUSE-SU-2025:0203-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (55)