SB2025012248 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 23 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2021-47202)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend() and of_thermal_set_trip_temp() functions in drivers/thermal/of-thermal.c. A local user can perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2022-49035)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the s5p_cec_irq_handler() function in drivers/media/cec/platform/s5p/s5p_cec.c. A local user can perform a denial of service (DoS) attack.

3) Double free (CVE-ID: CVE-2024-41087)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2024-50154)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

5) Use-after-free (CVE-ID: CVE-2024-53095)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can escalate privileges on the system.

6) Use of uninitialized resource (CVE-ID: CVE-2024-53142)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the do_name() and do_copy() functions in init/initramfs.c. A local user can perform a denial of service (DoS) attack.

7) Integer overflow (CVE-ID: CVE-2024-53146)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.

8) Out-of-bounds read (CVE-ID: CVE-2024-53156)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.

9) Use-after-free (CVE-ID: CVE-2024-53173)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

10) Use-after-free (CVE-ID: CVE-2024-53179)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_get_sign_key(), smb2_find_smb_ses_unlocked(), smb2_calc_signature() and smb3_calc_signature() functions in fs/smb/client/smb2transport.c. A local user can escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2024-53206)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __inet_csk_reqsk_queue_drop() function in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

12) Out-of-bounds read (CVE-ID: CVE-2024-53214)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2024-53239)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.

14) NULL pointer dereference (CVE-ID: CVE-2024-53240)

The vulnerability allows a remote backend to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the guest xen-netfront driver. A a malicious network backend can crash the guest OS.

15) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-53241)

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.

16) Buffer overflow (CVE-ID: CVE-2024-56539)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.

17) Use-after-free (CVE-ID: CVE-2024-56548)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.

18) Input validation error (CVE-ID: CVE-2024-56570)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ovl_dentry_init_flags() function in fs/overlayfs/util.c. A local user can perform a denial of service (DoS) attack.

19) Out-of-bounds read (CVE-ID: CVE-2024-56598)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

20) Use-after-free (CVE-ID: CVE-2024-56604)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rfcomm_sock_alloc() function in net/bluetooth/rfcomm/sock.c. A local user can escalate privileges on the system.

21) Use-after-free (CVE-ID: CVE-2024-56605)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.

22) Use-after-free (CVE-ID: CVE-2024-56619)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.

23) Improper access control (CVE-ID: CVE-2024-8805)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the implementation of the HID over GATT Profile. A remote attacker on the local network can bypass implemented security restrictions and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2025/suse-su-20250203-1/