SUSE-IU-2025:328-1: Security update of suse/sle-micro/kvm-5.5

Wed Jan 22 08:04:16 UTC 2025

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:328-1
Image Tags        : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.255 , suse/sle-micro/kvm-5.5:latest
Image Release     : 3.5.255
Severity          : important
Type              : security
References        : 1170891 1173139 1185010 1190358 1190428 1203332 1205521 1209288
                        1209798 1211593 1211595 1214635 1215304 1215523 1216813 1216909
                        1219608 1222878 1223044 1225758 1225820 1226694 1228190 1229809
                        1230422 1230697 1231388 1231453 1231854 1232045 1232157 1232166
                        1232419 1232436 1232472 1232823 1233038 1233050 1233070 1233096
                        1233127 1233200 1233239 1233324 1233467 1233468 1233469 1233485
                        1233547 1233550 1233558 1233564 1233568 1233637 1233642 1233701
                        1233769 1233837 1234072 1234073 1234075 1234076 1234077 1234087
                        1234120 1234156 1234219 1234220 1234240 1234241 1234281 1234282
                        1234294 1234338 1234357 1234437 1234464 1234605 1234639 1234650
                        1234727 1234811 1234827 1234834 1234843 1234846 1234853 1234856
                        1234891 1234912 1234920 1234921 1234960 1234963 1234971 1234973
                        1235004 1235035 1235037 1235039 1235054 1235056 1235061 1235073
                        1235220 1235224 1235246 1235507 CVE-2021-47202 CVE-2022-36280
                        CVE-2022-48742 CVE-2022-49033 CVE-2022-49035 CVE-2023-1382 CVE-2023-33951
                        CVE-2023-33952 CVE-2023-52920 CVE-2024-24860 CVE-2024-26886 CVE-2024-26924
                        CVE-2024-36915 CVE-2024-42232 CVE-2024-44934 CVE-2024-47666 CVE-2024-47678
                        CVE-2024-49944 CVE-2024-49952 CVE-2024-50018 CVE-2024-50143 CVE-2024-50154
                        CVE-2024-50166 CVE-2024-50181 CVE-2024-50202 CVE-2024-50211 CVE-2024-50256
                        CVE-2024-50262 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-50296
                        CVE-2024-53051 CVE-2024-53055 CVE-2024-53056 CVE-2024-53064 CVE-2024-53072
                        CVE-2024-53090 CVE-2024-53095 CVE-2024-53101 CVE-2024-53113 CVE-2024-53114
                        CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53130
                        CVE-2024-53131 CVE-2024-53142 CVE-2024-53146 CVE-2024-53150 CVE-2024-53156
                        CVE-2024-53157 CVE-2024-53158 CVE-2024-53161 CVE-2024-53162 CVE-2024-53173
                        CVE-2024-53179 CVE-2024-53206 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214
                        CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-56539 CVE-2024-56548
                        CVE-2024-56549 CVE-2024-56570 CVE-2024-56571 CVE-2024-56575 CVE-2024-56598
                        CVE-2024-56604 CVE-2024-56605 CVE-2024-56619 CVE-2024-56755 CVE-2024-8805
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:201-1
Released:    Tue Jan 21 13:51:32 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1170891,1173139,1185010,1190358,1190428,1203332,1205521,1209288,1209798,1211593,1211595,1214635,1215304,1215523,1216813,1216909,1219608,1222878,1223044,1225758,1225820,1226694,1228190,1229809,1230422,1230697,1231388,1231453,1231854,1232045,1232157,1232166,1232419,1232436,1232472,1232823,1233038,1233050,1233070,1233096,1233127,1233200,1233239,1233324,1233467,1233468,1233469,1233485,1233547,1233550,1233558,1233564,1233568,1233637,1233642,1233701,1233769,1233837,1234072,1234073,1234075,1234076,1234077,1234087,1234120,1234156,1234219,1234220,1234240,1234241,1234281,1234282,1234294,1234338,1234357,1234437,1234464,1234605,1234639,1234650,1234727,1234811,1234827,1234834,1234843,1234846,1234853,1234856,1234891,1234912,1234920,1234921,1234960,1234963,1234971,1234973,1235004,1235035,1235037,1235039,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2021-47202,CVE-2022-36280,CVE-2022-48742,CVE-2022-49033,CVE-2022-49035,CVE-2023-1382,CVE-2023-33951,CVE-2023-33952,CV
 E-2023-52920,CVE-2024-24860,CVE-2024-26886,CVE-2024-26924,CVE-2024-36915,CVE-2024-42232,CVE-2024-44934,CVE-2024-47666,CVE-2024-47678,CVE-2024-49944,CVE-2024-49952,CVE-2024-50018,CVE-2024-50143,CVE-2024-50154,CVE-2024-50166,CVE-2024-50181,CVE-2024-50202,CVE-2024-50211,CVE-2024-50256,CVE-2024-50262,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-50296,CVE-2024-53051,CVE-2024-53055,CVE-2024-53056,CVE-2024-53064,CVE-2024-53072,CVE-2024-53090,CVE-2024-53095,CVE-2024-53101,CVE-2024-53113,CVE-2024-53114,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53130,CVE-2024-53131,CVE-2024-53142,CVE-2024-53146,CVE-2024-53150,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53161,CVE-2024-53162,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56549,CVE-2024-56570,CVE-2024-56571,CVE-2024-56575,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,CVE-2024-
 56619,CVE-2024-56755,CVE-2024-8805

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).
- CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453).
- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).
- CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127).
- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).
- CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).
- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
- CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564).
- CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769).
- CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).
- CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072).
- CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).
- CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).
- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).
- CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811).
- CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856).
- CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971).
- CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037).
- CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).

The following non-security bugs were fixed:

- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- Documentation: Add x86/amd_hsmp driver (jsc#PED-1295).
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139)
- KVM: x86: fix sending PV IPI (git-fixes).
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes).
- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).
- NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472).
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes).
- NFSD: Prevent a potential integer overflow (git-fixes).
- NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472).
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes).
- PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- README: Clean-up trailing whitespace
- SUNRPC: make sure cache entry active before cache_show (git-fixes).
- amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295).
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes).
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes).
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes).
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes).
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes).
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes).
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes).
- autofs: use flexible array in ioctl structure (git-fixes).
- devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422).
- devlink: do not require setting features before registration (bsc#1231388 bsc#1230422).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357).
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ('rpm: support gz and zst compression methods') Fixes: 23510fce36ec ('fixup 'rpm: support gz and zst compression methods'')
- hfsplus: do not query the device logical block size multiple times (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727).
- jffs2: Fix rtime decompressor (git-fixes).
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- jffs2: fix use of uninitialized variable (git-fixes).
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes).
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639).
- memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763).
- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- net/ipv6: release expired exception dst cached in socket (bsc#1216813).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- nfsd: make sure exp active before svc_export_show (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472).
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes).
- nilfs2: prevent use of deleted inode (git-fixes).
- ocfs2: uncache inode which has failed entering the group (bsc#1234087).
- phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763).
- platform/x86: Add AMD system management interface (jsc#PED-1295).
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes).
- pwm: tegra: Improve required rate calculation (jsc#PED-1763).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- serial: tegra: Read DMA status before terminating (jsc#PED-1763).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes).
- supported.conf: add bsc1185010 dependency
- supported.conf: hyperv_drm (jsc#sle-19733)
- svcrdma: Address an integer overflow (git-fixes).
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes).
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- ubifs: Correct the total block count by deducting journal reservation (git-fixes).
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes).
- udf: Handle error when adding extent to a file (bsc#1234437).
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- zonefs: fix zone report size in __zonefs_io_error() (git-fixes).

The following package changes have been done:

- kernel-default-base-5.14.21-150500.55.91.1.150500.6.41.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.133 updated