{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for kernel-livepatch-MICRO-6-0_Update_5","title":"Title of the patch"},{"category":"description","text":"This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues:\n\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235916)\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-Micro-6.1-kernel-30","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20366-1.json"},{"category":"self","summary":"URL for SUSE-SU-2025:20366-1","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520366-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2025:20366-1","url":"https://lists.suse.com/pipermail/sle-updates/2025-June/039493.html"},{"category":"self","summary":"SUSE Bug 1235916","url":"https://bugzilla.suse.com/1235916"},{"category":"self","summary":"SUSE CVE CVE-2024-57882 page","url":"https://www.suse.com/security/cve/CVE-2024-57882/"}],"title":"Security update for kernel-livepatch-MICRO-6-0_Update_5","tracking":{"current_release_date":"2025-05-28T09:53:11Z","generator":{"date":"2025-05-28T09:53:11Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2025:20366-1","initial_release_date":"2025-05-28T09:53:11Z","revision_history":[{"date":"2025-05-28T09:53:11Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-livepatch-6_4_0-25-default-2-1.2.s390x","product":{"name":"kernel-livepatch-6_4_0-25-default-2-1.2.s390x","product_id":"kernel-livepatch-6_4_0-25-default-2-1.2.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kernel-livepatch-6_4_0-25-default-2-1.2.x86_64","product":{"name":"kernel-livepatch-6_4_0-25-default-2-1.2.x86_64","product_id":"kernel-livepatch-6_4_0-25-default-2-1.2.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Micro 6.1","product":{"name":"SUSE Linux Micro 6.1","product_id":"SUSE Linux Micro 6.1","product_identification_helper":{"cpe":"cpe:/o:suse:sl-micro:6.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-6_4_0-25-default-2-1.2.s390x as component of SUSE Linux Micro 6.1","product_id":"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-default-2-1.2.s390x"},"product_reference":"kernel-livepatch-6_4_0-25-default-2-1.2.s390x","relates_to_product_reference":"SUSE Linux Micro 6.1"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-6_4_0-25-default-2-1.2.x86_64 as component of SUSE Linux Micro 6.1","product_id":"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-default-2-1.2.x86_64"},"product_reference":"kernel-livepatch-6_4_0-25-default-2-1.2.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.1"}]},"vulnerabilities":[{"cve":"CVE-2024-57882","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-57882"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n </TASK>\n\nEric noted a probable shinfo->nr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-default-2-1.2.s390x","SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-default-2-1.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2024-57882","url":"https://www.suse.com/security/cve/CVE-2024-57882"},{"category":"external","summary":"SUSE Bug 1235914 for CVE-2024-57882","url":"https://bugzilla.suse.com/1235914"},{"category":"external","summary":"SUSE Bug 1235916 for CVE-2024-57882","url":"https://bugzilla.suse.com/1235916"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-default-2-1.2.s390x","SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-default-2-1.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","version":"3.1"},"products":["SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-default-2-1.2.s390x","SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-25-default-2-1.2.x86_64"]}],"threats":[{"category":"impact","date":"2025-05-28T09:53:11Z","details":"important"}],"title":"CVE-2024-57882"}]}