SUSE-SU-2025:4283-1

Published: 27 Nov 2025
Source: suse-cvrf

Description

Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.88 fixes various security issues.

The following security issues were fixed:

  • CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1245778).
  • CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242882).

Package list

SUSE Linux Enterprise Live Patching 15 SP5
kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: add missing range check in bitmap_ip_uadt

When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.
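The check ordering described above, as an added userspace model that is not the kernel's code and not part of the advisory: it contrasts validating ip before the CIDR expansion with validating the final ip and ip_to afterwards. The struct, function and error names are hypothetical, cidr == 0 stands in for "no CIDR attribute present", and the addresses are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model only; all names here are hypothetical, not kernel symbols. */
struct bitmap_model { uint32_t first_ip, last_ip; };
enum { ERR_RANGE = -1, ERR_CIDR = -2 };

/* Expand ip/cidr to [network, broadcast]: this is the step that moves ip. */
static void mask_from_to(uint32_t *ip, uint32_t *ip_to, unsigned cidr)
{
    uint32_t hostmask = (cidr == 32) ? 0 : (0xFFFFFFFFu >> cidr);
    *ip &= ~hostmask;
    *ip_to = *ip | hostmask;
}

/* Ordering described as flawed: ip is validated before the CIDR expansion.
 * cidr == 0 models "no CIDR attribute present" (assumption of this model). */
int resolve_early_check(const struct bitmap_model *m, uint32_t ip,
                        unsigned cidr, uint32_t *from, uint32_t *to)
{
    uint32_t ip_to = ip;
    if (ip < m->first_ip || ip > m->last_ip) return ERR_RANGE;
    if (cidr > 32) return ERR_CIDR;
    if (cidr) mask_from_to(&ip, &ip_to, cidr);
    if (ip_to > m->last_ip) return ERR_RANGE;   /* upper bound only */
    *from = ip; *to = ip_to;
    return 0;
}

/* Corrected ordering: both bounds are checked on the final ip and ip_to. */
int resolve_late_check(const struct bitmap_model *m, uint32_t ip,
                       unsigned cidr, uint32_t *from, uint32_t *to)
{
    uint32_t ip_to = ip;
    if (cidr > 32) return ERR_CIDR;
    if (cidr) mask_from_to(&ip, &ip_to, cidr);
    if (ip < m->first_ip || ip_to > m->last_ip) return ERR_RANGE;
    *from = ip; *to = ip_to;
    return 0;
}

int main(void)
{
    /* Constructed sample: set covers 10.0.0.130-10.0.0.200, entry 10.0.0.140/26. */
    struct bitmap_model m = { 0x0A000082u, 0x0A0000C8u };
    uint32_t from = 0, to = 0;
    int rc = resolve_early_check(&m, 0x0A00008Cu, 26, &from, &to);
    printf("early: rc=%d from=%08x first_ip=%08x\n", rc, (unsigned)from, (unsigned)m.first_ip);
    printf("late:  rc=%d\n", resolve_late_check(&m, 0x0A00008Cu, 26, &from, &to));
    return 0;
}
```

With the early check the /26 entry is accepted even though its masked start address lies below first_ip; the late check rejects it.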


Affected products
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix NULL pointer in can_accept_new_subflow

When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL.

Call trace:

  mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)
  subflow_syn_recv_sock (./net/mptcp/subflow.c:854)
  tcp_check_req (./net/ipv4/tcp_minisocks.c:863)
  tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)
  ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)
  ip_local_deliver_finish (./net/ipv4/ip_input.c:234)
  ip_local_deliver (./net/ipv4/ip_input.c:254)
  ip_rcv_finish (./net/ipv4/ip_input.c:449)
  ...

According to the debug log, the same req received two SYN-ACK in a very short time, very likely because the client retransmits the syn ack due to multiple reasons.

Even if the packets are transmitted with a relevant time interval, they can be processed by the server on different CPUs concurrently. The 'subflow_req->msk' ownership is transferred to the subflow the first, and there will be a risk of a null pointer dereference here.

This patch fixes this issue by moving the 'subflow_req->msk' under the `own_req == true` conditional.

Note that the !msk check in subflow_hmac_valid() can be dropped, because the same check already exists under the own_req mpj branch where the code has been moved to.


Affected products
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_88-default-15-150500.2.1
