Description
Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.
The following security issues were fixed:
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238730).
Package list
SUSE Linux Enterprise Live Patching 15 SP3
References
- Link for SUSE-SU-2025:02138-1
- E-Mail link for SUSE-SU-2025:02138-1
- SUSE Security Ratings
- SUSE Bug 1235231
- SUSE Bug 1238730
- SUSE CVE CVE-2022-49545 page
- SUSE CVE CVE-2024-56601 page
Description
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For fixing the race, make sure to cancel the pending work at closing.
Affected products
References
- CVE-2022-49545
- SUSE Bug 1238729
- SUSE Bug 1238730
Description
In the Linux kernel, the following vulnerability has been resolved:
net: inet: do not leave a dangling sk pointer in inet_create()
sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.
Affected products
References
- CVE-2024-56601
- SUSE Bug 1235230
- SUSE Bug 1235231