Overview

File _patchinfo of Package patchinfo.41520

<patchinfo incident="41520">
  <issue tracker="bnc" id="1246019">VUL-0: CVE-2024-53164: kernel live patch: net: sched: fix ordering of qlen adjustment</issue>
  <issue tracker="bnc" id="1248631">VUL-0: CVE-2025-38664: kernel live patch: ice: Fix a null pointer dereference in ice_copy_and_init_pkg()</issue>
  <issue tracker="bnc" id="1249207">VUL-0: CVE-2025-38618: kernel live patch: vsock: Do not allow binding to VMADDR_PORT_ANY</issue>
  <issue tracker="bnc" id="1249208">VUL-0: CVE-2025-38617: kernel live patch: net/packet: fix a race in packet_set_ring() and packet_notifier()</issue>
  <issue tracker="bnc" id="1249841">VUL-0: CVE-2022-50248: kernel live patch: wifi: iwlwifi: mvm: fix double free on tx path.</issue>
  <issue tracker="bnc" id="1249847">VUL-0: CVE-2022-50252: kernel live patch: igb: Do not free q_vector unless new one was allocated</issue>
  <issue tracker="bnc" id="1252946">[Build :41374:kernel-livepatch-SLE15-SP5_Update_20] packet_setsockopt() crash kernel due NULL pointer dereference</issue>
  <issue tracker="cve" id="2022-50248"/>
  <issue tracker="cve" id="2022-50252"/>
  <issue tracker="cve" id="2024-53164"/>
  <issue tracker="cve" id="2025-38617"/>
  <issue tracker="cve" id="2025-38618"/>
  <issue tracker="cve" id="2025-38664"/>
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <summary>Security update for the Linux Kernel (Live Patch 56 for SUSE Linux Enterprise 15 SP3)</summary>
  <description>
This update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.201 fixes various security issues

The following security issues were fixed:

- CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249841).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).

The following non security issue was fixed:

- bsc#1249208: fix livepatching target module name (bsc#1252946)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places