{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)","title":"Title of the patch"},{"category":"description","text":"This update for the Linux Kernel 6.4.0-150600_10_17 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).\n- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).\n- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).\n- CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235129).\n- CVE-2024-53208: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (bsc#1236244).\n- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233245).\n- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).\n- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).\n- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).\n- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232927).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2025-2071,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2071","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02071-1.json"},{"category":"self","summary":"URL for SUSE-SU-2025:02071-1","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502071-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2025:02071-1","url":"https://lists.suse.com/pipermail/sle-updates/2025-June/040438.html"},{"category":"self","summary":"SUSE Bug 1232908","url":"https://bugzilla.suse.com/1232908"},{"category":"self","summary":"SUSE Bug 1232927","url":"https://bugzilla.suse.com/1232927"},{"category":"self","summary":"SUSE Bug 1232929","url":"https://bugzilla.suse.com/1232929"},{"category":"self","summary":"SUSE Bug 1233245","url":"https://bugzilla.suse.com/1233245"},{"category":"self","summary":"SUSE Bug 1233680","url":"https://bugzilla.suse.com/1233680"},{"category":"self","summary":"SUSE Bug 1233708","url":"https://bugzilla.suse.com/1233708"},{"category":"self","summary":"SUSE Bug 1235062","url":"https://bugzilla.suse.com/1235062"},{"category":"self","summary":"SUSE Bug 1235129","url":"https://bugzilla.suse.com/1235129"},{"category":"self","summary":"SUSE Bug 1235231","url":"https://bugzilla.suse.com/1235231"},{"category":"self","summary":"SUSE Bug 1236244","url":"https://bugzilla.suse.com/1236244"},{"category":"self","summary":"SUSE CVE CVE-2024-50124 page","url":"https://www.suse.com/security/cve/CVE-2024-50124/"},{"category":"self","summary":"SUSE CVE CVE-2024-50125 page","url":"https://www.suse.com/security/cve/CVE-2024-50125/"},{"category":"self","summary":"SUSE CVE CVE-2024-50127 page","url":"https://www.suse.com/security/cve/CVE-2024-50127/"},{"category":"self","summary":"SUSE CVE CVE-2024-50257 page","url":"https://www.suse.com/security/cve/CVE-2024-50257/"},{"category":"self","summary":"SUSE CVE CVE-2024-50279 page","url":"https://www.suse.com/security/cve/CVE-2024-50279/"},{"category":"self","summary":"SUSE CVE CVE-2024-50301 page","url":"https://www.suse.com/security/cve/CVE-2024-50301/"},{"category":"self","summary":"SUSE CVE CVE-2024-53208 page","url":"https://www.suse.com/security/cve/CVE-2024-53208/"},{"category":"self","summary":"SUSE CVE CVE-2024-56582 page","url":"https://www.suse.com/security/cve/CVE-2024-56582/"},{"category":"self","summary":"SUSE CVE CVE-2024-56601 page","url":"https://www.suse.com/security/cve/CVE-2024-56601/"},{"category":"self","summary":"SUSE CVE CVE-2024-56605 page","url":"https://www.suse.com/security/cve/CVE-2024-56605/"}],"title":"Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)","tracking":{"current_release_date":"2025-06-23T20:03:55Z","generator":{"date":"2025-06-23T20:03:55Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2025:02071-1","initial_release_date":"2025-06-23T20:03:55Z","revision_history":[{"date":"2025-06-23T20:03:55Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64","product":{"name":"kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64","product_id":"kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 15 SP6","product":{"name":"SUSE Linux Enterprise Live Patching 15 SP6","product_id":"SUSE Linux Enterprise Live Patching 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-live-patching:15:sp6"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6","product_id":"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"},"product_reference":"kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP6"}]},"vulnerabilities":[{"cve":"CVE-2024-50124","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-50124"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix UAF on iso_sock_timeout\n\nconn->sk maybe have been unlinked/freed while waiting for iso_conn_lock\nso this checks if the conn->sk is still valid by checking if it part of\niso_sk_list.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-50124","url":"https://www.suse.com/security/cve/CVE-2024-50124"},{"category":"external","summary":"SUSE Bug 1232926 for CVE-2024-50124","url":"https://bugzilla.suse.com/1232926"},{"category":"external","summary":"SUSE Bug 1232927 for CVE-2024-50124","url":"https://bugzilla.suse.com/1232927"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-50124"},{"cve":"CVE-2024-50125","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-50125"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn->sk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn->sk is still valid by checking if it part of\nsco_sk_list.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-50125","url":"https://www.suse.com/security/cve/CVE-2024-50125"},{"category":"external","summary":"SUSE Bug 1232928 for CVE-2024-50125","url":"https://bugzilla.suse.com/1232928"},{"category":"external","summary":"SUSE Bug 1232929 for CVE-2024-50125","url":"https://bugzilla.suse.com/1232929"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-50125"},{"cve":"CVE-2024-50127","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-50127"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn 'taprio_change()', 'admin' pointer may become dangling due to sched\nswitch / removal caused by 'advance_sched()', and critical section\nprotected by 'q->current_entry_lock' is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update\n'admin' immediately before an attempt to schedule freeing.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-50127","url":"https://www.suse.com/security/cve/CVE-2024-50127"},{"category":"external","summary":"SUSE Bug 1232907 for CVE-2024-50127","url":"https://bugzilla.suse.com/1232907"},{"category":"external","summary":"SUSE Bug 1232908 for CVE-2024-50127","url":"https://bugzilla.suse.com/1232908"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-50127"},{"cve":"CVE-2024-50257","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-50257"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: Fix use-after-free in get_info()\n\nip6table_nat module unload has refcnt warning for UAF. call trace is:\n\nWARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80\nModules linked in: ip6table_nat(-)\nCPU: 1 UID: 0 PID: 379 Comm: ip6tables Not tainted 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:module_put+0x6f/0x80\nCall Trace:\n <TASK>\n get_info+0x128/0x180\n do_ip6t_get_ctl+0x6a/0x430\n nf_getsockopt+0x46/0x80\n ipv6_getsockopt+0xb9/0x100\n rawv6_getsockopt+0x42/0x190\n do_sock_getsockopt+0xaa/0x180\n __sys_getsockopt+0x70/0xc0\n __x64_sys_getsockopt+0x20/0x30\n do_syscall_64+0xa2/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent execution of module unload and get_info() trigered the warning.\nThe root cause is as follows:\n\ncpu0\t\t\t\t      cpu1\nmodule_exit\n//mod->state = MODULE_STATE_GOING\n  ip6table_nat_exit\n    xt_unregister_template\n\tkfree(t)\n\t//removed from templ_list\n\t\t\t\t      getinfo()\n\t\t\t\t\t  t = xt_find_table_lock\n\t\t\t\t\t\tlist_for_each_entry(tmpl, &xt_templates[af]...)\n\t\t\t\t\t\t\tif (strcmp(tmpl->name, name))\n\t\t\t\t\t\t\t\tcontinue;  //table not found\n\t\t\t\t\t\t\ttry_module_get\n\t\t\t\t\t\tlist_for_each_entry(t, &xt_net->tables[af]...)\n\t\t\t\t\t\t\treturn t;  //not get refcnt\n\t\t\t\t\t  module_put(t->me) //uaf\n    unregister_pernet_subsys\n    //remove table from xt_net list\n\nWhile xt_table module was going away and has been removed from\nxt_templates list, we couldnt get refcnt of xt_table->me. Check\nmodule in xt_net->tables list re-traversal to fix it.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-50257","url":"https://www.suse.com/security/cve/CVE-2024-50257"},{"category":"external","summary":"SUSE Bug 1233244 for CVE-2024-50257","url":"https://bugzilla.suse.com/1233244"},{"category":"external","summary":"SUSE Bug 1233245 for CVE-2024-50257","url":"https://bugzilla.suse.com/1233245"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-50257"},{"cve":"CVE-2024-50279","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-50279"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n   access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n  BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n  Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n  (...snip...)\n  The buggy address belongs to the virtual mapping at\n   [ffffc900000f3000, ffffc900000f5000) created by:\n   cache_ctr+0x176a/0x35f0\n\n  (...snip...)\n  Memory state around the buggy address:\n   ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n   ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  >ffffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n                     ^\n   ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n   ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-50279","url":"https://www.suse.com/security/cve/CVE-2024-50279"},{"category":"external","summary":"SUSE Bug 1233468 for CVE-2024-50279","url":"https://bugzilla.suse.com/1233468"},{"category":"external","summary":"SUSE Bug 1233708 for CVE-2024-50279","url":"https://bugzilla.suse.com/1233708"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-50279"},{"cve":"CVE-2024-50301","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-50301"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n   pattern '0xxxxxxxe6'.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n   slots in a node(below tag ascend_to_node), if the slot pointer is meta\n   and node->back_pointer != NULL(it means a root), it will proceed to\n   descend_to_node. However, there is an exception. If node is the root,\n   and one of the slots points to a shortcut, it will be treated as a\n   keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n   However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n   ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n   has keys with hashes that are not similar (e.g. slot 0) and it splits\n   NODE A without using a shortcut. When NODE A is filled with keys that\n   all hashes are xxe6, the keys are similar, NODE A will split with a\n   shortcut. Finally, it forms the tree as shown below, where slot 6 points\n   to a shortcut.\n\n                      NODE A\n              +------>+---+\n      ROOT    |       | 0 | xxe6\n      +---+   |       +---+\n xxxx | 0 | shortcut  :   : xxe6\n      +---+   |       +---+\n xxe6 :   :   |       |   | xxe6\n      +---+   |       +---+\n      | 6 |---+       :   : xxe6\n      +---+           +---+\n xxe6 :   :           | f | xxe6\n      +---+           +---+\n xxe6 | f |\n      +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n   it may be mistakenly transferred to a key*, leading to a read\n   out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-50301","url":"https://www.suse.com/security/cve/CVE-2024-50301"},{"category":"external","summary":"SUSE Bug 1233490 for CVE-2024-50301","url":"https://bugzilla.suse.com/1233490"},{"category":"external","summary":"SUSE Bug 1233680 for CVE-2024-50301","url":"https://bugzilla.suse.com/1233680"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-50301"},{"cve":"CVE-2024-53208","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-53208"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353\nRead of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54\n\nCPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\nq kasan_report+0x143/0x180 mm/kasan/report.c:601\n set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:328\n process_one_work kernel/workqueue.c:3231 [inline]\n process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n worker_thread+0x86d/0xd10 kernel/workqueue.c:3389\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nAllocated by task 5247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4193\n kmalloc_noprof include/linux/slab.h:681 [inline]\n kzalloc_noprof include/linux/slab.h:807 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n set_powered+0x3cd/0x5e0 net/bluetooth/mgmt.c:1394\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n sock_write_iter+0x2dd/0x400 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5246:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x149/0x360 mm/slub.c:4598\n settings_rsp+0x2bc/0x390 net/bluetooth/mgmt.c:1443\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x112/0x420 net/bluetooth/mgmt.c:9455\n hci_dev_close_sync+0x665/0x11a0 net/bluetooth/hci_sync.c:5191\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83gv\n entry_SYSCALL_64_after_hwframe+0x77/0x7f","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-53208","url":"https://www.suse.com/security/cve/CVE-2024-53208"},{"category":"external","summary":"SUSE Bug 1234909 for CVE-2024-53208","url":"https://bugzilla.suse.com/1234909"},{"category":"external","summary":"SUSE Bug 1236244 for CVE-2024-53208","url":"https://bugzilla.suse.com/1236244"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-53208"},{"cve":"CVE-2024-56582","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-56582"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free in btrfs_encoded_read_endio()\n\nShinichiro reported the following use-after free that sometimes is\nhappening in our CI system when running fstests' btrfs/284 on a TCMU\nrunner device:\n\n  BUG: KASAN: slab-use-after-free in lock_release+0x708/0x780\n  Read of size 8 at addr ffff888106a83f18 by task kworker/u80:6/219\n\n  CPU: 8 UID: 0 PID: 219 Comm: kworker/u80:6 Not tainted 6.12.0-rc6-kts+ #15\n  Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x6e/0xa0\n   ? lock_release+0x708/0x780\n   print_report+0x174/0x505\n   ? lock_release+0x708/0x780\n   ? __virt_addr_valid+0x224/0x410\n   ? lock_release+0x708/0x780\n   kasan_report+0xda/0x1b0\n   ? lock_release+0x708/0x780\n   ? __wake_up+0x44/0x60\n   lock_release+0x708/0x780\n   ? __pfx_lock_release+0x10/0x10\n   ? __pfx_do_raw_spin_lock+0x10/0x10\n   ? lock_is_held_type+0x9a/0x110\n   _raw_spin_unlock_irqrestore+0x1f/0x60\n   __wake_up+0x44/0x60\n   btrfs_encoded_read_endio+0x14b/0x190 [btrfs]\n   btrfs_check_read_bio+0x8d9/0x1360 [btrfs]\n   ? lock_release+0x1b0/0x780\n   ? trace_lock_acquire+0x12f/0x1a0\n   ? __pfx_btrfs_check_read_bio+0x10/0x10 [btrfs]\n   ? process_one_work+0x7e3/0x1460\n   ? lock_acquire+0x31/0xc0\n   ? process_one_work+0x7e3/0x1460\n   process_one_work+0x85c/0x1460\n   ? __pfx_process_one_work+0x10/0x10\n   ? assign_work+0x16c/0x240\n   worker_thread+0x5e6/0xfc0\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0x2c3/0x3a0\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x31/0x70\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>\n\n  Allocated by task 3661:\n   kasan_save_stack+0x30/0x50\n   kasan_save_track+0x14/0x30\n   __kasan_kmalloc+0xaa/0xb0\n   btrfs_encoded_read_regular_fill_pages+0x16c/0x6d0 [btrfs]\n   send_extent_data+0xf0f/0x24a0 [btrfs]\n   process_extent+0x48a/0x1830 [btrfs]\n   changed_cb+0x178b/0x2ea0 [btrfs]\n   btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs]\n   _btrfs_ioctl_send+0x117/0x330 [btrfs]\n   btrfs_ioctl+0x184a/0x60a0 [btrfs]\n   __x64_sys_ioctl+0x12e/0x1a0\n   do_syscall_64+0x95/0x180\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n  Freed by task 3661:\n   kasan_save_stack+0x30/0x50\n   kasan_save_track+0x14/0x30\n   kasan_save_free_info+0x3b/0x70\n   __kasan_slab_free+0x4f/0x70\n   kfree+0x143/0x490\n   btrfs_encoded_read_regular_fill_pages+0x531/0x6d0 [btrfs]\n   send_extent_data+0xf0f/0x24a0 [btrfs]\n   process_extent+0x48a/0x1830 [btrfs]\n   changed_cb+0x178b/0x2ea0 [btrfs]\n   btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs]\n   _btrfs_ioctl_send+0x117/0x330 [btrfs]\n   btrfs_ioctl+0x184a/0x60a0 [btrfs]\n   __x64_sys_ioctl+0x12e/0x1a0\n   do_syscall_64+0x95/0x180\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n  The buggy address belongs to the object at ffff888106a83f00\n   which belongs to the cache kmalloc-rnd-07-96 of size 96\n  The buggy address is located 24 bytes inside of\n   freed 96-byte region [ffff888106a83f00, ffff888106a83f60)\n\n  The buggy address belongs to the physical page:\n  page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888106a83800 pfn:0x106a83\n  flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n  page_type: f5(slab)\n  raw: 0017ffffc0000000 ffff888100053680 ffffea0004917200 0000000000000004\n  raw: ffff888106a83800 0000000080200019 00000001f5000000 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffff888106a83e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n   ffff888106a83e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n  >ffff888106a83f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n                              ^\n   ffff888106a83f80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n   ffff888106a84000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  ==================================================================\n\nFurther analyzing the trace and \n---truncated---","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-56582","url":"https://www.suse.com/security/cve/CVE-2024-56582"},{"category":"external","summary":"SUSE Bug 1235128 for CVE-2024-56582","url":"https://bugzilla.suse.com/1235128"},{"category":"external","summary":"SUSE Bug 1235129 for CVE-2024-56582","url":"https://bugzilla.suse.com/1235129"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-56582"},{"cve":"CVE-2024-56601","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-56601"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-56601","url":"https://www.suse.com/security/cve/CVE-2024-56601"},{"category":"external","summary":"SUSE Bug 1235230 for CVE-2024-56601","url":"https://bugzilla.suse.com/1235230"},{"category":"external","summary":"SUSE Bug 1235231 for CVE-2024-56601","url":"https://bugzilla.suse.com/1235231"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-56601"},{"cve":"CVE-2024-56605","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-56605"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-56605","url":"https://www.suse.com/security/cve/CVE-2024-56605"},{"category":"external","summary":"SUSE Bug 1234853 for CVE-2024-56605","url":"https://bugzilla.suse.com/1234853"},{"category":"external","summary":"SUSE Bug 1235061 for CVE-2024-56605","url":"https://bugzilla.suse.com/1235061"},{"category":"external","summary":"SUSE Bug 1235062 for CVE-2024-56605","url":"https://bugzilla.suse.com/1235062"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_17-rt-10-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-06-23T20:03:55Z","details":"important"}],"title":"CVE-2024-56605"}]}