SUSE-SU-2025:1463-1 Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294. - CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431...

ksmbd: fix use-after-free in ksmbd_free_work_struct

...

net: davicom: fix UAF in dm9000_drv_remove

...

RHEL 9 : kernel (RHSA-2025:4469)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4469 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme-tcp: fix potential memory corrupti...

CVE-2023-53080

In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdpumemreg The number of chunks can overflow u32. Make sure to return -EINVAL on overflow. Also remove a redundant u32 cast assigning umem-npgs...

CVE-2023-53055

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

CVE-2023-53071

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76unregisterdevice on unregistered hw Trying to probe a mt7921e pci card without firmware results in a successful probe where ieee80211registerhw hasn't been called. When removing the driver,...

CVE-2023-53058

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code...

CVE-2022-49932

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvminit only after all setup is complete, as kvminit exposes /dev/kvm to userspace and thus allows userspace to create VMs and call other ioctls. E.g. KVM...

CVE-2023-53135 riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode

In the Linux kernel, the following vulnerability has been resolved: riscv: Use READONCENOCHECK in imprecise unwinding stack mode When CONFIGFRAMEPOINTER is unset, the stack unwinding function walkstackframe randomly reads the stack and then, when KASAN is enabled, it can lead to the following...

CVE-2023-53134

In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...

CVE-2023-53109

In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev-neededheadroom IP tunnels can apparently update dev-neededheadroom in their xmit path. This patch takes care of three tunnels xmit, and also the core LLRESERVEDSPACE and...

CVE-2023-53107

In the Linux kernel, the following vulnerability has been resolved: veth: Fix use after free in XDPREDIRECT Commit 718a18a0c8a6 "veth: Rework vethxdprcvskb in order to accept non-linear skb" introduced a bug where it tried to use pskbexpandhead if the headroom was less than XDPPACKETHEADROOM. Thi...

CVE-2023-53081 ocfs2: fix data corruption after failed write

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2writeendnolock just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page...

CVE-2023-53068 net: usb: lan78xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory content...

CVE-2023-53067 LoongArch: Only call get_timer_irq() once in constant_clockevent_init()

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call gettimerirq once in constantclockeventinit Under CONFIGDEBUGATOMICSLEEP=y and CONFIGDEBUGPREEMPT=y, we can see the following messages on LoongArch, this is because using mightsleep in preemption disable...

CVE-2023-53066 qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info

In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: guard against NULL derefs from qediovgetvfinfo We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center linuxtesting.org with the SVACE static analysis...

CVE-2023-53044 dm stats: check for and propagate alloc_percpu failure

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate allocpercpu failure Check allocprecpu's return value and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does. Otherwise, a NULL pointer dereference will occu...

CVE-2022-49887

In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdecprobe v4l2deviceunregister need to be called to put the refcount got by v4l2deviceregister when vdecprobe fails or vdecremove is called...

CVE-2022-49827

In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drmvblankdestroyworker drmvblankinit call drmmaddactionorreset with drmvblankinitrelease as action. If drmmaddaction failed, will directly call drmvblankinitrelease with the vblank whose worke...