Описание
Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_204 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2025:02857-1
- E-Mail link for SUSE-SU-2025:02857-1
- SUSE Security Ratings
- SUSE Bug 1244631
- SUSE Bug 1245218
- SUSE Bug 1245350
- SUSE Bug 1247350
- SUSE Bug 1247351
- SUSE CVE CVE-2024-36978 page
- SUSE CVE CVE-2025-38079 page
- SUSE CVE CVE-2025-38083 page
- SUSE CVE CVE-2025-38494 page
- SUSE CVE CVE-2025-38495 page
Описание
In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.
Затронутые продукты
Ссылки
- CVE-2024-36978
- SUSE Bug 1226514
- SUSE Bug 1244631
Описание
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.
Затронутые продукты
Ссылки
- CVE-2025-38079
- SUSE Bug 1245217
- SUSE Bug 1245218
Описание
In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
Затронутые продукты
Ссылки
- CVE-2025-38083
- SUSE Bug 1245183
- SUSE Bug 1245350
Описание
In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.
Затронутые продукты
Ссылки
- CVE-2025-38494
- SUSE Bug 1247349
- SUSE Bug 1247350
Описание
In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.
Затронутые продукты
Ссылки
- CVE-2025-38495
- SUSE Bug 1247348
- SUSE Bug 1247351