SUSE-SU-2025:0236-1
Vulnerability Summary
Description
Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304).
- CVE-2023-52434: Fixed potential OOBs in smb2_parse_contexts() (bsc#1220148).
- CVE-2023-52922: can: bcm: Fix UAF in bcm_proc_show() (bsc#1233977).
- CVE-2024-26976: KVM: Always flush async #PF workqueue when vCPU is being destroyed (bsc#1223635).
- CVE-2024-35847: irqchip/gic-v3-its: Prevent double free on error (bsc#1224697).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
- CVE-2024-47141: pinmux: Use sequential access to access desc->pinmux data (bsc#1235708).
- CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453).
- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909).
- CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).
- CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).
- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
- CVE-2024-50287: media: v4l2-tpg: prevent the risk of a division by zero (bsc#1233476).
- CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).
- CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923).
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53224: RDMA/mlx5: Cancel pkey work before destroying device resources (bsc#1235009).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-56531: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (bsc#1235057).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56551: drm/amdgpu: fix usage slab after free (bsc#1235075).
- CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56587: leds: class: Protect brightness_show() with led_cdev->led_access mutex (bsc#1235125).
- CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138).
- CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56616: drm/dp_mst: Fix MST sideband message body length check (bsc#1235427).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56724: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (bsc#1235577).
- CVE-2024-56756: nvme-pci: fix freeing of the HMB descriptor table (bsc#1234922).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57887: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (bsc#1235952).
- CVE-2024-57888: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416 bsc#1235918).
- CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).

The following non-security bugs were fixed:
- SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924).
- SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924).
- cifs: fix calc signature on big endian systems (bsc#1235888, bsc#1234921).
- memcg: reduce memcg tree traversals for stats collection (bsc#1231877).
- mm: memory.stat allow preemption (bsc#1231877).
- net: marvell: mvpp2: phylink requires the link interrupt (bsc#1117016).
- smb: client: fix parsing of SMB3.1.1 POSIX create context (git-fixes).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- udf: Handle error when adding extent to a file (bsc#1234437).
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- workqueue: skip lockdep wq dependency in cancel_work_sync() (bsc#1235918).
Affected Systems
- suse•kernel-default&distro=SUSE Linux Enterprise Live Patching 12 SP5: < 4.12.14-122.244.1
- suse•kernel-default&distro=SUSE Linux Enterprise Server 12 SP5-LTSS: < 4.12.14-122.244.1
- suse•kernel-default&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5: < 4.12.14-122.244.1
- suse•kernel-source&distro=SUSE Linux Enterprise Server 12 SP5-LTSS: < 4.12.14-122.244.1
- suse•kernel-source&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5: < 4.12.14-122.244.1
- suse•kernel-syms&distro=SUSE Linux Enterprise Server 12 SP5-LTSS: < 4.12.14-122.244.1
- suse•kernel-syms&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5: < 4.12.14-122.244.1
- suse•kgraft-patch-SLE12-SP5_Update_64&distro=SUSE Linux Enterprise Live Patching 12 SP5: < 1-8.5.1
References (165)
- https://www.suse.com/support/update/announcement/2025/suse-su-20250236-1/
- https://bugzilla.suse.com/1117016
- https://bugzilla.suse.com/1168202
- https://bugzilla.suse.com/1188924
- https://bugzilla.suse.com/1215304
- https://bugzilla.suse.com/1220148
- https://bugzilla.suse.com/1223635
- https://bugzilla.suse.com/1224697
- https://bugzilla.suse.com/1225725
- https://bugzilla.suse.com/1225730
- https://bugzilla.suse.com/1226694
- https://bugzilla.suse.com/1226748
- https://bugzilla.suse.com/1226872
- https://bugzilla.suse.com/1228405
- https://bugzilla.suse.com/1230697
- https://bugzilla.suse.com/1230766
- https://bugzilla.suse.com/1231453
- https://bugzilla.suse.com/1231854
- https://bugzilla.suse.com/1231877
- https://bugzilla.suse.com/1231909
- https://bugzilla.suse.com/1232045
- https://bugzilla.suse.com/1232048
- https://bugzilla.suse.com/1232166
- https://bugzilla.suse.com/1232224
- https://bugzilla.suse.com/1233038
- https://bugzilla.suse.com/1233050
- https://bugzilla.suse.com/1233055
- https://bugzilla.suse.com/1233096
- https://bugzilla.suse.com/1233112
- https://bugzilla.suse.com/1233200
- https://bugzilla.suse.com/1233204
- https://bugzilla.suse.com/1233239
- https://bugzilla.suse.com/1233467
- https://bugzilla.suse.com/1233469
- https://bugzilla.suse.com/1233476
- https://bugzilla.suse.com/1233488
- https://bugzilla.suse.com/1233551
- https://bugzilla.suse.com/1233769
- https://bugzilla.suse.com/1233977
- https://bugzilla.suse.com/1234087
- https://bugzilla.suse.com/1234161
- https://bugzilla.suse.com/1234240
- https://bugzilla.suse.com/1234241
- https://bugzilla.suse.com/1234242
- https://bugzilla.suse.com/1234243
- https://bugzilla.suse.com/1234281
- https://bugzilla.suse.com/1234381
- https://bugzilla.suse.com/1234437
- https://bugzilla.suse.com/1234690
- https://bugzilla.suse.com/1234827
- https://bugzilla.suse.com/1234834
- https://bugzilla.suse.com/1234846
- https://bugzilla.suse.com/1234853
- https://bugzilla.suse.com/1234891
- https://bugzilla.suse.com/1234898
- https://bugzilla.suse.com/1234921
- https://bugzilla.suse.com/1234922
- https://bugzilla.suse.com/1234923
- https://bugzilla.suse.com/1234971
- https://bugzilla.suse.com/1235004
- https://bugzilla.suse.com/1235009
- https://bugzilla.suse.com/1235031
- https://bugzilla.suse.com/1235035
- https://bugzilla.suse.com/1235054
- https://bugzilla.suse.com/1235056
- https://bugzilla.suse.com/1235057
- https://bugzilla.suse.com/1235061
- https://bugzilla.suse.com/1235073
- https://bugzilla.suse.com/1235075
- https://bugzilla.suse.com/1235125
- https://bugzilla.suse.com/1235138
- https://bugzilla.suse.com/1235249
- https://bugzilla.suse.com/1235415
- https://bugzilla.suse.com/1235416
- https://bugzilla.suse.com/1235417
- https://bugzilla.suse.com/1235427
- https://bugzilla.suse.com/1235433
- https://bugzilla.suse.com/1235480
- https://bugzilla.suse.com/1235577
- https://bugzilla.suse.com/1235584
- https://bugzilla.suse.com/1235708
- https://bugzilla.suse.com/1235759
- https://bugzilla.suse.com/1235814
- https://bugzilla.suse.com/1235888
- https://bugzilla.suse.com/1235918
- https://bugzilla.suse.com/1235920
- https://bugzilla.suse.com/1235952
- https://bugzilla.suse.com/1235964
- https://www.suse.com/security/cve/CVE-2022-48742
- https://www.suse.com/security/cve/CVE-2022-49033
- https://www.suse.com/security/cve/CVE-2022-49035
- https://www.suse.com/security/cve/CVE-2023-52434
- https://www.suse.com/security/cve/CVE-2023-52922
- https://www.suse.com/security/cve/CVE-2024-26976
- https://www.suse.com/security/cve/CVE-2024-35847
- https://www.suse.com/security/cve/CVE-2024-36484
- https://www.suse.com/security/cve/CVE-2024-36883
- https://www.suse.com/security/cve/CVE-2024-36886
- https://www.suse.com/security/cve/CVE-2024-38589
- https://www.suse.com/security/cve/CVE-2024-41013
- https://www.suse.com/security/cve/CVE-2024-46771
- https://www.suse.com/security/cve/CVE-2024-47141
- https://www.suse.com/security/cve/CVE-2024-47666
- https://www.suse.com/security/cve/CVE-2024-47678
- https://www.suse.com/security/cve/CVE-2024-47709
- https://www.suse.com/security/cve/CVE-2024-49925
- https://www.suse.com/security/cve/CVE-2024-49944
- https://www.suse.com/security/cve/CVE-2024-50039
- https://www.suse.com/security/cve/CVE-2024-50143
- https://www.suse.com/security/cve/CVE-2024-50151
- https://www.suse.com/security/cve/CVE-2024-50166
- https://www.suse.com/security/cve/CVE-2024-50199
- https://www.suse.com/security/cve/CVE-2024-50211
- https://www.suse.com/security/cve/CVE-2024-50228
- https://www.suse.com/security/cve/CVE-2024-50256
- https://www.suse.com/security/cve/CVE-2024-50262
- https://www.suse.com/security/cve/CVE-2024-50278
- https://www.suse.com/security/cve/CVE-2024-50280
- https://www.suse.com/security/cve/CVE-2024-50287
- https://www.suse.com/security/cve/CVE-2024-50299
- https://www.suse.com/security/cve/CVE-2024-53057
- https://www.suse.com/security/cve/CVE-2024-53101
- https://www.suse.com/security/cve/CVE-2024-53112
- https://www.suse.com/security/cve/CVE-2024-53136
- https://www.suse.com/security/cve/CVE-2024-53141
- https://www.suse.com/security/cve/CVE-2024-53144
- https://www.suse.com/security/cve/CVE-2024-53146
- https://www.suse.com/security/cve/CVE-2024-53150
- https://www.suse.com/security/cve/CVE-2024-53156
- https://www.suse.com/security/cve/CVE-2024-53157
- https://www.suse.com/security/cve/CVE-2024-53172
- https://www.suse.com/security/cve/CVE-2024-53173
- https://www.suse.com/security/cve/CVE-2024-53179
- https://www.suse.com/security/cve/CVE-2024-53198
- https://www.suse.com/security/cve/CVE-2024-53210
- https://www.suse.com/security/cve/CVE-2024-53214
- https://www.suse.com/security/cve/CVE-2024-53224
- https://www.suse.com/security/cve/CVE-2024-53239
- https://www.suse.com/security/cve/CVE-2024-53240
- https://www.suse.com/security/cve/CVE-2024-56531
- https://www.suse.com/security/cve/CVE-2024-56548
- https://www.suse.com/security/cve/CVE-2024-56551
- https://www.suse.com/security/cve/CVE-2024-56569
- https://www.suse.com/security/cve/CVE-2024-56570
- https://www.suse.com/security/cve/CVE-2024-56587
- https://www.suse.com/security/cve/CVE-2024-56599
- https://www.suse.com/security/cve/CVE-2024-5660
- https://www.suse.com/security/cve/CVE-2024-56603
- https://www.suse.com/security/cve/CVE-2024-56604
- https://www.suse.com/security/cve/CVE-2024-56605
- https://www.suse.com/security/cve/CVE-2024-56606
- https://www.suse.com/security/cve/CVE-2024-56616
- https://www.suse.com/security/cve/CVE-2024-56631
- https://www.suse.com/security/cve/CVE-2024-56642
- https://www.suse.com/security/cve/CVE-2024-56664
- https://www.suse.com/security/cve/CVE-2024-56704
- https://www.suse.com/security/cve/CVE-2024-56724
- https://www.suse.com/security/cve/CVE-2024-56756
- https://www.suse.com/security/cve/CVE-2024-57791
- https://www.suse.com/security/cve/CVE-2024-57849
- https://www.suse.com/security/cve/CVE-2024-57887
- https://www.suse.com/security/cve/CVE-2024-57888
- https://www.suse.com/security/cve/CVE-2024-57892
- https://www.suse.com/security/cve/CVE-2024-57893
- https://www.suse.com/security/cve/CVE-2024-8805