{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel (Live Patch 64 for SLE 12 SP5)","title":"Title of the patch"},{"category":"description","text":"This update for the Linux Kernel 4.12.14-122_244 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238920).\n- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238912).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2025-2402,SUSE-SLE-Live-Patching-12-SP5-2025-2402","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02402-1.json"},{"category":"self","summary":"URL for SUSE-SU-2025:02402-1","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502402-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2025:02402-1","url":"https://lists.suse.com/pipermail/sle-updates/2025-July/040800.html"},{"category":"self","summary":"SUSE Bug 1238912","url":"https://bugzilla.suse.com/1238912"},{"category":"self","summary":"SUSE Bug 1238920","url":"https://bugzilla.suse.com/1238920"},{"category":"self","summary":"SUSE CVE CVE-2022-49465 page","url":"https://www.suse.com/security/cve/CVE-2022-49465/"},{"category":"self","summary":"SUSE CVE CVE-2025-21772 page","url":"https://www.suse.com/security/cve/CVE-2025-21772/"}],"title":"Security update for the Linux Kernel (Live Patch 64 for SLE 12 SP5)","tracking":{"current_release_date":"2025-07-21T07:06:57Z","generator":{"date":"2025-07-21T07:06:57Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2025:02402-1","initial_release_date":"2025-07-21T07:06:57Z","revision_history":[{"date":"2025-07-21T07:06:57Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","product":{"name":"kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","product_id":"kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","product":{"name":"kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","product_id":"kgraft-patch-4_12_14-122_244-default-6-2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64","product":{"name":"kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64","product_id":"kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 12 SP5","product":{"name":"SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-live-patching:12:sp5"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le"},"product_reference":"kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_244-default-6-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.s390x"},"product_reference":"kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64"},"product_reference":"kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"}]},"vulnerabilities":[{"cve":"CVE-2022-49465","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-49465"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nblk-throttle: Set BIO_THROTTLED when bio has been throttled\n\n1.In current process, all bio will set the BIO_THROTTLED flag\nafter __blk_throtl_bio().\n\n2.If bio needs to be throttled, it will start the timer and\nstop submit bio directly. Bio will submit in\nblk_throtl_dispatch_work_fn() when the timer expires.But in\nthe current process, if bio is throttled. The BIO_THROTTLED\nwill be set to bio after timer start. If the bio has been\ncompleted, it may cause use-after-free blow.\n\nBUG: KASAN: use-after-free in blk_throtl_bio+0x12f0/0x2c70\nRead of size 2 at addr ffff88801b8902d4 by task fio/26380\n\n dump_stack+0x9b/0xce\n print_address_description.constprop.6+0x3e/0x60\n kasan_report.cold.9+0x22/0x3a\n blk_throtl_bio+0x12f0/0x2c70\n submit_bio_checks+0x701/0x1550\n submit_bio_noacct+0x83/0xc80\n submit_bio+0xa7/0x330\n mpage_readahead+0x380/0x500\n read_pages+0x1c1/0xbf0\n page_cache_ra_unbounded+0x471/0x6f0\n do_page_cache_ra+0xda/0x110\n ondemand_readahead+0x442/0xae0\n page_cache_async_ra+0x210/0x300\n generic_file_buffered_read+0x4d9/0x2130\n generic_file_read_iter+0x315/0x490\n blkdev_read_iter+0x113/0x1b0\n aio_read+0x2ad/0x450\n io_submit_one+0xc8e/0x1d60\n __se_sys_io_submit+0x125/0x350\n do_syscall_64+0x2d/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nAllocated by task 26380:\n kasan_save_stack+0x19/0x40\n __kasan_kmalloc.constprop.2+0xc1/0xd0\n kmem_cache_alloc+0x146/0x440\n mempool_alloc+0x125/0x2f0\n bio_alloc_bioset+0x353/0x590\n mpage_alloc+0x3b/0x240\n do_mpage_readpage+0xddf/0x1ef0\n mpage_readahead+0x264/0x500\n read_pages+0x1c1/0xbf0\n page_cache_ra_unbounded+0x471/0x6f0\n do_page_cache_ra+0xda/0x110\n ondemand_readahead+0x442/0xae0\n page_cache_async_ra+0x210/0x300\n generic_file_buffered_read+0x4d9/0x2130\n generic_file_read_iter+0x315/0x490\n blkdev_read_iter+0x113/0x1b0\n aio_read+0x2ad/0x450\n io_submit_one+0xc8e/0x1d60\n __se_sys_io_submit+0x125/0x350\n do_syscall_64+0x2d/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nFreed by task 0:\n kasan_save_stack+0x19/0x40\n kasan_set_track+0x1c/0x30\n kasan_set_free_info+0x1b/0x30\n __kasan_slab_free+0x111/0x160\n kmem_cache_free+0x94/0x460\n mempool_free+0xd6/0x320\n bio_free+0xe0/0x130\n bio_put+0xab/0xe0\n bio_endio+0x3a6/0x5d0\n blk_update_request+0x590/0x1370\n scsi_end_request+0x7d/0x400\n scsi_io_completion+0x1aa/0xe50\n scsi_softirq_done+0x11b/0x240\n blk_mq_complete_request+0xd4/0x120\n scsi_mq_done+0xf0/0x200\n virtscsi_vq_done+0xbc/0x150\n vring_interrupt+0x179/0x390\n __handle_irq_event_percpu+0xf7/0x490\n handle_irq_event_percpu+0x7b/0x160\n handle_irq_event+0xcc/0x170\n handle_edge_irq+0x215/0xb20\n common_interrupt+0x60/0x120\n asm_common_interrupt+0x1e/0x40\n\nFix this by move BIO_THROTTLED set into the queue_lock.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2022-49465","url":"https://www.suse.com/security/cve/CVE-2022-49465"},{"category":"external","summary":"SUSE Bug 1238919 for CVE-2022-49465","url":"https://bugzilla.suse.com/1238919"},{"category":"external","summary":"SUSE Bug 1238920 for CVE-2022-49465","url":"https://bugzilla.suse.com/1238920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-07-21T07:06:57Z","details":"important"}],"title":"CVE-2022-49465"},{"cve":"CVE-2025-21772","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-21772"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n   preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n   (which results in partition table entries straddling sector boundaries),\n   bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n   termination - use strnlen() and strncmp() instead of strlen() and\n   strcmp().","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-21772","url":"https://www.suse.com/security/cve/CVE-2025-21772"},{"category":"external","summary":"SUSE Bug 1238911 for CVE-2025-21772","url":"https://bugzilla.suse.com/1238911"},{"category":"external","summary":"SUSE Bug 1238912 for CVE-2025-21772","url":"https://bugzilla.suse.com/1238912"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-6-2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-07-21T07:06:57Z","details":"important"}],"title":"CVE-2025-21772"}]}