Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:0603-1
Release Date:	2025-02-20T10:34:39Z
Rating:	important
References:	bsc#1224763 bsc#1234025 bsc#1234853 bsc#1234891 bsc#1234963 bsc#1235054 bsc#1235061 bsc#1235073 bsc#1235217 bsc#1235230 bsc#1235430 bsc#1235645 bsc#1235812 bsc#1235920
Cross-References:	CVE-2024-35863 CVE-2024-53104 CVE-2024-53173 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56600 CVE-2024-56601 CVE-2024-56605 CVE-2024-56650 CVE-2024-56759 CVE-2024-57850 CVE-2024-57893
CVSS scores:	CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-35863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53239 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56539 ( SUSE ): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-56548 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-56600 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56600 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56601 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56601 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-56759 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56759 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-57850 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-57850 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-57893 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

An update that solves 13 vulnerabilities and has one security fix can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-35863: smb: client: fix potential UAF in is_valid_oplock_break() (bsc#1224763).
• CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
• CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
• CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
• CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
• CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
• CVE-2024-57850: jffs2: Prevent rtime decompress memory corruption (bsc#1235812).
• CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-603=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-603=1

Package List:

• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64)
  • kernel-xen-3.0.101-108.177.1
  • kernel-default-3.0.101-108.177.1
  • kernel-ec2-3.0.101-108.177.1
  • kernel-trace-3.0.101-108.177.1
• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64)
  • kernel-default-devel-3.0.101-108.177.1
  • kernel-xen-base-3.0.101-108.177.1
  • kernel-syms-3.0.101-108.177.1
  • kernel-ec2-devel-3.0.101-108.177.1
  • kernel-trace-devel-3.0.101-108.177.1
  • kernel-default-base-3.0.101-108.177.1
  • kernel-xen-devel-3.0.101-108.177.1
  • kernel-source-3.0.101-108.177.1
  • kernel-ec2-base-3.0.101-108.177.1
  • kernel-trace-base-3.0.101-108.177.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
  • kernel-xen-3.0.101-108.177.1
  • kernel-default-3.0.101-108.177.1
  • kernel-ec2-3.0.101-108.177.1
  • kernel-trace-3.0.101-108.177.1
• SUSE Linux Enterprise Server 11 SP4 (x86_64)
  • kernel-default-devel-3.0.101-108.177.1
  • kernel-xen-base-3.0.101-108.177.1
  • kernel-syms-3.0.101-108.177.1
  • kernel-ec2-devel-3.0.101-108.177.1
  • kernel-trace-devel-3.0.101-108.177.1
  • kernel-default-base-3.0.101-108.177.1
  • kernel-xen-devel-3.0.101-108.177.1
  • kernel-source-3.0.101-108.177.1
  • kernel-ec2-base-3.0.101-108.177.1
  • kernel-trace-base-3.0.101-108.177.1

References:

• https://www.suse.com/security/cve/CVE-2024-35863.html
• https://www.suse.com/security/cve/CVE-2024-53104.html
• https://www.suse.com/security/cve/CVE-2024-53173.html
• https://www.suse.com/security/cve/CVE-2024-53239.html
• https://www.suse.com/security/cve/CVE-2024-56539.html
• https://www.suse.com/security/cve/CVE-2024-56548.html
• https://www.suse.com/security/cve/CVE-2024-56600.html
• https://www.suse.com/security/cve/CVE-2024-56601.html
• https://www.suse.com/security/cve/CVE-2024-56605.html
• https://www.suse.com/security/cve/CVE-2024-56650.html
• https://www.suse.com/security/cve/CVE-2024-56759.html
• https://www.suse.com/security/cve/CVE-2024-57850.html
• https://www.suse.com/security/cve/CVE-2024-57893.html
• https://bugzilla.suse.com/show_bug.cgi?id=1224763
• https://bugzilla.suse.com/show_bug.cgi?id=1234025
• https://bugzilla.suse.com/show_bug.cgi?id=1234853
• https://bugzilla.suse.com/show_bug.cgi?id=1234891
• https://bugzilla.suse.com/show_bug.cgi?id=1234963
• https://bugzilla.suse.com/show_bug.cgi?id=1235054
• https://bugzilla.suse.com/show_bug.cgi?id=1235061
• https://bugzilla.suse.com/show_bug.cgi?id=1235073
• https://bugzilla.suse.com/show_bug.cgi?id=1235217
• https://bugzilla.suse.com/show_bug.cgi?id=1235230
• https://bugzilla.suse.com/show_bug.cgi?id=1235430
• https://bugzilla.suse.com/show_bug.cgi?id=1235645
• https://bugzilla.suse.com/show_bug.cgi?id=1235812
• https://bugzilla.suse.com/show_bug.cgi?id=1235920