SUSE-SU-2025:03392-1

Published: 27 Sep 2025
Source: suse-cvrf

Description

Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-150400_24_173 fixes several issues.

The following security issues were fixed:

  • CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499).
  • CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298).

Package list

SUSE Linux Enterprise Live Patching 15 SP4
kernel-livepatch-5_14_21-150400_24_173-default-2-150400.2.1

Description

In the Linux kernel, the following vulnerability has been resolved:

do_change_type(): refuse to operate on unmounted/not ours mounts

Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).


Affected products
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_173-default-2-150400.2.1

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget : fix use-after-free in composite_dev_cleanup()

1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure to the upper-level function.
2. In func configfs_composite_bind() -> composite_dev_cleanup(): it checks whether cdev->os_desc_req is NULL. If it is not NULL, it will attempt to use it. This will lead to a use-after-free issue.

    BUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0
    Read of size 8 at addr 0000004827837a00 by task init/1
    CPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1
    kasan_report+0x188/0x1cc
    __asan_load8+0xb4/0xbc
    composite_dev_cleanup+0xf4/0x2c0
    configfs_composite_bind+0x210/0x7ac
    udc_bind_to_driver+0xb4/0x1ec
    usb_gadget_probe_driver+0xec/0x21c
    gadget_dev_desc_UDC_store+0x264/0x27c
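An added user-space model of the failure path described above (not kernel code and not taken from the advisory). The names `cdev_model`, `prepare`, `cleanup`, `bind_model` and the one-slot allocator are hypothetical stand-ins, and clearing the pointer on the error path is assumed as the correction the description implies.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model of the described failure path; hypothetical names, not kernel code. */
struct req { bool live; };
struct cdev_model { struct req *os_desc_req; };

/* One-slot allocator with a liveness flag, so a stale access is observable
 * without real undefined behaviour. */
static struct req slot;
static struct req *req_alloc(void) { slot.live = true; return &slot; }
static void req_free(struct req *r) { r->live = false; }

/* Step 1: the request is allocated, then a further allocation (kmalloc in the
 * description) fails and the request is freed on the error path. */
static int prepare(struct cdev_model *c, bool kmalloc_fails, bool clear_ptr)
{
    c->os_desc_req = req_alloc();
    if (kmalloc_fails) {
        req_free(c->os_desc_req);
        if (clear_ptr)
            c->os_desc_req = NULL;   /* assumed correction: clear with the free */
        return -1;
    }
    return 0;
}

/* Step 2: cleanup trusts the NULL check. Returns 1 if it touched a request
 * that was already freed (the access KASAN reports), else 0. */
static int cleanup(struct cdev_model *c)
{
    int stale = 0;
    if (c->os_desc_req) {
        stale = !c->os_desc_req->live;
        if (!stale)
            req_free(c->os_desc_req);
        c->os_desc_req = NULL;
    }
    return stale;
}

/* Bind: prepare, then cleanup, which also runs on the failure path. */
static int bind_model(bool kmalloc_fails, bool clear_ptr)
{
    struct cdev_model c = { NULL };
    prepare(&c, kmalloc_fails, clear_ptr);
    return cleanup(&c);
}

int main(void) { return !(bind_model(true, false) == 1 && bind_model(true, true) == 0); }
```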


Affected products
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_173-default-2-150400.2.1
