Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:0152-1
Release Date:	2025-01-17T09:13:58Z
Rating:	important
References:	bsc#1027565 bsc#1056588 bsc#1059525 bsc#1202346 bsc#1227985 bsc#1234846 bsc#1234853 bsc#1234891 bsc#1234963 bsc#1235054 bsc#1235056 bsc#1235061 bsc#1235073 bsc#1235220 bsc#1235224
Cross-References:	CVE-2017-1000253 CVE-2017-14051 CVE-2017-2636 CVE-2022-20368 CVE-2022-48839 CVE-2024-53146 CVE-2024-53156 CVE-2024-53173 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56598 CVE-2024-56604 CVE-2024-56605 CVE-2024-56619
CVSS scores:	CVE-2017-1000253 ( SUSE ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000253 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000253 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000253 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-14051 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-14051 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2017-2636 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-2636 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-48839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-48839 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-53146 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-53156 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53156 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53239 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56539 ( SUSE ): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-56548 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-56598 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56598 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56604 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56604 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56604 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56619 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56619 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

An update that solves 15 vulnerabilities can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2017-14051: scsi/qla2xxx: Fix an integer overflow in sysfs code. (bsc#1056588)
• CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
• CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
• CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
• CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
• CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
• CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
• CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
• CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
• CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
• CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).

The following non-security bugs were fixed:

• Enable CONFIG_FIRMWARE_SIG ()
• r8169: check ALDPS bit and disable it if enabled for the 8168g (bnc#845352).
• rpm/kernel-binary.spec.in: Remove obsolete ext4-writeable. Needs to be handled differently. (bnc#830822)

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-152=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-152=1

Package List:

• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64)
  • kernel-ec2-3.0.101-108.174.1
  • kernel-default-3.0.101-108.174.1
  • kernel-trace-3.0.101-108.174.1
  • kernel-xen-3.0.101-108.174.1
• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64)
  • kernel-trace-devel-3.0.101-108.174.1
  • kernel-default-base-3.0.101-108.174.1
  • kernel-ec2-base-3.0.101-108.174.1
  • kernel-xen-devel-3.0.101-108.174.1
  • kernel-ec2-devel-3.0.101-108.174.1
  • kernel-default-devel-3.0.101-108.174.1
  • kernel-trace-base-3.0.101-108.174.1
  • kernel-source-3.0.101-108.174.1
  • kernel-syms-3.0.101-108.174.1
  • kernel-xen-base-3.0.101-108.174.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
  • kernel-ec2-3.0.101-108.174.1
  • kernel-default-3.0.101-108.174.1
  • kernel-trace-3.0.101-108.174.1
  • kernel-xen-3.0.101-108.174.1
• SUSE Linux Enterprise Server 11 SP4 (x86_64)
  • kernel-trace-devel-3.0.101-108.174.1
  • kernel-default-base-3.0.101-108.174.1
  • kernel-ec2-base-3.0.101-108.174.1
  • kernel-xen-devel-3.0.101-108.174.1
  • kernel-ec2-devel-3.0.101-108.174.1
  • kernel-default-devel-3.0.101-108.174.1
  • kernel-trace-base-3.0.101-108.174.1
  • kernel-source-3.0.101-108.174.1
  • kernel-syms-3.0.101-108.174.1
  • kernel-xen-base-3.0.101-108.174.1

References:

• https://www.suse.com/security/cve/CVE-2017-1000253.html
• https://www.suse.com/security/cve/CVE-2017-14051.html
• https://www.suse.com/security/cve/CVE-2017-2636.html
• https://www.suse.com/security/cve/CVE-2022-20368.html
• https://www.suse.com/security/cve/CVE-2022-48839.html
• https://www.suse.com/security/cve/CVE-2024-53146.html
• https://www.suse.com/security/cve/CVE-2024-53156.html
• https://www.suse.com/security/cve/CVE-2024-53173.html
• https://www.suse.com/security/cve/CVE-2024-53239.html
• https://www.suse.com/security/cve/CVE-2024-56539.html
• https://www.suse.com/security/cve/CVE-2024-56548.html
• https://www.suse.com/security/cve/CVE-2024-56598.html
• https://www.suse.com/security/cve/CVE-2024-56604.html
• https://www.suse.com/security/cve/CVE-2024-56605.html
• https://www.suse.com/security/cve/CVE-2024-56619.html
• https://bugzilla.suse.com/show_bug.cgi?id=1027565
• https://bugzilla.suse.com/show_bug.cgi?id=1056588
• https://bugzilla.suse.com/show_bug.cgi?id=1059525
• https://bugzilla.suse.com/show_bug.cgi?id=1202346
• https://bugzilla.suse.com/show_bug.cgi?id=1227985
• https://bugzilla.suse.com/show_bug.cgi?id=1234846
• https://bugzilla.suse.com/show_bug.cgi?id=1234853
• https://bugzilla.suse.com/show_bug.cgi?id=1234891
• https://bugzilla.suse.com/show_bug.cgi?id=1234963
• https://bugzilla.suse.com/show_bug.cgi?id=1235054
• https://bugzilla.suse.com/show_bug.cgi?id=1235056
• https://bugzilla.suse.com/show_bug.cgi?id=1235061
• https://bugzilla.suse.com/show_bug.cgi?id=1235073
• https://bugzilla.suse.com/show_bug.cgi?id=1235220
• https://bugzilla.suse.com/show_bug.cgi?id=1235224