SUSE-SU-2025:0152-1: important: Security update for the Linux Kernel

[SLE-SECURITY-UPDATES]

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:0152-1  
Release Date: 2025-01-17T09:13:58Z  
Rating: important  
References:

  * bsc#1027565
  * bsc#1056588
  * bsc#1059525
  * bsc#1202346
  * bsc#1227985
  * bsc#1234846
  * bsc#1234853
  * bsc#1234891
  * bsc#1234963
  * bsc#1235054
  * bsc#1235056
  * bsc#1235061
  * bsc#1235073
  * bsc#1235220
  * bsc#1235224

  
Cross-References:

  * CVE-2017-1000253
  * CVE-2017-14051
  * CVE-2017-2636
  * CVE-2022-20368
  * CVE-2022-48839
  * CVE-2024-53146
  * CVE-2024-53156
  * CVE-2024-53173
  * CVE-2024-53239
  * CVE-2024-56539
  * CVE-2024-56548
  * CVE-2024-56598
  * CVE-2024-56604
  * CVE-2024-56605
  * CVE-2024-56619

  
CVSS scores:

  * CVE-2017-1000253 ( SUSE ):  8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2017-1000253 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2017-1000253 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2017-1000253 ( NVD ):  7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2017-14051 ( SUSE ):  6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2017-14051 ( NVD ):  4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2017-2636 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2017-2636 ( NVD ):  7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-20368 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-20368 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48839 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48839 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-53146 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-53146 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-53146 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-53156 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-53156 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-53156 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-53173 ( SUSE ):  7.3
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-53173 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-53173 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-53239 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-53239 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56539 ( SUSE ):  8.6
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-56539 ( SUSE ):  8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2024-56548 ( SUSE ):  8.4
    CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-56548 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56598 ( SUSE ):  7.3
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-56598 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56598 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56604 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-56604 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56604 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56605 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-56605 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56605 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-56619 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-56619 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise Server 11 SP4
  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

  
  
An update that solves 15 vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

  * CVE-2017-14051: scsi/qla2xxx: Fix an integer overflow in sysfs code.
    (bsc#1056588)
  * CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
  * CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in
    htc_connect_service() (bsc#1234846).
  * CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
    open() (bsc#1234891).
  * CVE-2024-53239: ALSA: 6fire: Release resources at card release
    (bsc#1235054).
  * CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in
    mwifiex_config_scan() (bsc#1234963).
  * CVE-2024-56548: hfsplus: do not query the device logical block size multiple
    times (bsc#1235073).
  * CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst
    (bsc#1235220).
  * CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
    rfcomm_sock_alloc() (bsc#1235056).
  * CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error
    in l2cap_sock_create() (bsc#1235061).
  * CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in
    nilfs_find_entry() (bsc#1235224).

The following non-security bugs were fixed:

  * Enable CONFIG_FIRMWARE_SIG ()
  * r8169: check ALDPS bit and disable it if enabled for the 8168g (bnc#845352).
  * rpm/kernel-binary.spec.in: Remove obsolete ext4-writeable. Needs to be
    handled differently. (bnc#830822)

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE  
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-152=1

  * SUSE Linux Enterprise Server 11 SP4  
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-152=1

## Package List:

  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64)
    * kernel-ec2-3.0.101-108.174.1
    * kernel-default-3.0.101-108.174.1
    * kernel-trace-3.0.101-108.174.1
    * kernel-xen-3.0.101-108.174.1
  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64)
    * kernel-trace-devel-3.0.101-108.174.1
    * kernel-default-base-3.0.101-108.174.1
    * kernel-ec2-base-3.0.101-108.174.1
    * kernel-xen-devel-3.0.101-108.174.1
    * kernel-ec2-devel-3.0.101-108.174.1
    * kernel-default-devel-3.0.101-108.174.1
    * kernel-trace-base-3.0.101-108.174.1
    * kernel-source-3.0.101-108.174.1
    * kernel-syms-3.0.101-108.174.1
    * kernel-xen-base-3.0.101-108.174.1
  * SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
    * kernel-ec2-3.0.101-108.174.1
    * kernel-default-3.0.101-108.174.1
    * kernel-trace-3.0.101-108.174.1
    * kernel-xen-3.0.101-108.174.1
  * SUSE Linux Enterprise Server 11 SP4 (x86_64)
    * kernel-trace-devel-3.0.101-108.174.1
    * kernel-default-base-3.0.101-108.174.1
    * kernel-ec2-base-3.0.101-108.174.1
    * kernel-xen-devel-3.0.101-108.174.1
    * kernel-ec2-devel-3.0.101-108.174.1
    * kernel-default-devel-3.0.101-108.174.1
    * kernel-trace-base-3.0.101-108.174.1
    * kernel-source-3.0.101-108.174.1
    * kernel-syms-3.0.101-108.174.1
    * kernel-xen-base-3.0.101-108.174.1

## References:

  * https://www.suse.com/security/cve/CVE-2017-1000253.html
  * https://www.suse.com/security/cve/CVE-2017-14051.html
  * https://www.suse.com/security/cve/CVE-2017-2636.html
  * https://www.suse.com/security/cve/CVE-2022-20368.html
  * https://www.suse.com/security/cve/CVE-2022-48839.html
  * https://www.suse.com/security/cve/CVE-2024-53146.html
  * https://www.suse.com/security/cve/CVE-2024-53156.html
  * https://www.suse.com/security/cve/CVE-2024-53173.html
  * https://www.suse.com/security/cve/CVE-2024-53239.html
  * https://www.suse.com/security/cve/CVE-2024-56539.html
  * https://www.suse.com/security/cve/CVE-2024-56548.html
  * https://www.suse.com/security/cve/CVE-2024-56598.html
  * https://www.suse.com/security/cve/CVE-2024-56604.html
  * https://www.suse.com/security/cve/CVE-2024-56605.html
  * https://www.suse.com/security/cve/CVE-2024-56619.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1027565
  * https://bugzilla.suse.com/show_bug.cgi?id=1056588
  * https://bugzilla.suse.com/show_bug.cgi?id=1059525
  * https://bugzilla.suse.com/show_bug.cgi?id=1202346
  * https://bugzilla.suse.com/show_bug.cgi?id=1227985
  * https://bugzilla.suse.com/show_bug.cgi?id=1234846
  * https://bugzilla.suse.com/show_bug.cgi?id=1234853
  * https://bugzilla.suse.com/show_bug.cgi?id=1234891
  * https://bugzilla.suse.com/show_bug.cgi?id=1234963
  * https://bugzilla.suse.com/show_bug.cgi?id=1235054
  * https://bugzilla.suse.com/show_bug.cgi?id=1235056
  * https://bugzilla.suse.com/show_bug.cgi?id=1235061
  * https://bugzilla.suse.com/show_bug.cgi?id=1235073
  * https://bugzilla.suse.com/show_bug.cgi?id=1235220
  * https://bugzilla.suse.com/show_bug.cgi?id=1235224

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250117/4597ef8c/attachment.htm>