SUSE SLES12 Security Update : kernel (Live Patch 61 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2025:4123-1)

high Nessus Plugin ID 275755

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4123-1 advisory.

This update for the SUSE Linux Enterprise kernel 4.12.14-122.231 fixes various security issues.

The following security issues were fixed:

- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
- CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1232818).
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238324).
- CVE-2022-49179: block, bfq: don't move oom_bfqq (bsc#1241331).
- CVE-2022-49465: blk-throttle: set BIO_THROTTLED when bio has been throttled (bsc#1238920).
- CVE-2022-49545: ALSA: usb-audio: cancel pending work at closing a MIDI substream (bsc#1238730).
- CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788).
- CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238790).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).
- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250302).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230998).
- CVE-2024-46818: drm/amd/display: check gpio_id before used as array index (bsc#1231204).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231993).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1233019).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).
- CVE-2024-50154: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink() (bsc#1233072).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).
- CVE-2024-53146: NFSD: prevent a potential integer overflow (bsc#1234854).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234847).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234892).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235005).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235218).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431).
- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250).
- CVE-2024-57893: ALSA: seq: oss: fix races at processing SysEx messages (bsc#1235921).
- CVE-2024-57996: net_sched: sch_sfq: don't allow 1 packet limit (bsc#1239077).
- CVE-2024-8805: BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability (bsc#1240840).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238912).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
- CVE-2025-38177: kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
- CVE-2025-38181: calipso: fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246001).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).

The following non security issues were fixed:

- Add the git commit and branch to the package description (bsc#920633)
- Fix description in rpm spec file. Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. (bsc#930408)
- Mark the module as supported (bsc#904970)
- Provide common kallsyms wrapper API. With bsc#1103203, the need for disambiguating between a multiply defined symbol arose. This is something the kallsyms_lookup_name() based code snippet we used to copy&paste to every individual CVE fix can't handle. Implement a proper wrapper API for doing the kallsyms lookups.
- Require exact kernel version in the patch (bsc#920615)
- Revert 'Require exact kernel version in the patch'. This needs to be done differently, so that modprobe --force works as expected. (bsc#920615) This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a.
- Set immediate flag for the initial patch. Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates. (bsc#907150)
- The stubs' signatures have changed: each argument used to get mapped to either long or long long, but on x86_64, the stubs are now receiving a single struct pt_regs only -- it's their responsibility to extract the arguments as appropriate. In order to not require each and every live patch touching syscalls to include an insane amount of ifdeffery, provide a set of #defines hiding it:
  1.) KLP_SYSCALL_SYM(name) expands to the syscall stub name for 64 bits as defined by _SYSCALL_DEFINEx(x, _name, ...).
  2.) If the architecture requires 32bit specific stubs for syscalls sharing a common implementation between 32 and 64bits, the KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS macro is defined.
  3.) If KLP_ARCH_HAS_SYSCALL_COMPAT_STUBS is defined, then KLP_SYSCALL_COMPAT_STUB_SYM(name) expands to the syscall stub name for 32 bits as defined by _SYSCALL_DEFINEx(x, _name, ...).
  4.) For syscalls not sharing a common implementation between 32 and 64 bits, i.e. those defined by COMPAT_SYSCALL_DEFINEx(), the macro KLP_COMPAT_SYSCALL_SYM(name) expands to the stub name as defined by COMPAT_SYSCALL_DEFINEx(x, _name, ...).
  5.) Finally, for hiding differences between the signatures, provide the macro KLP_SYSCALL_DECLx(x, sym, ...) which expands to a declaration of sym, with the x arguments either mapped to long resp. long long each, or collapsed to a single struct pt_regs argument as appropriate for the architecture.
  Note that these macros are defined as appropriate on kernels before and after 4.17, so that live patch code can be shared. (bsc#1149841)
- bsc#1249208: fix livepatching target module name (bsc#1252946)
- uname_patch: convert to the syscall stub wrapper macros from klp_syscalls.h. In order to make the live patch to the newuname() syscall work on kernels >= 4.17 again, convert it to the KLP_SYSCALL_*() wrapper macros provided by klp_syscalls.h. (bsc#1149841)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kgraft-patch-4_12_14-122_231-default package.

See Also

https://bugzilla.suse.com/904970

https://bugzilla.suse.com/907150

https://bugzilla.suse.com/920615

https://bugzilla.suse.com/920633

https://bugzilla.suse.com/930408

https://bugzilla.suse.com/1103203

https://bugzilla.suse.com/1149841

https://bugzilla.suse.com/1230998

https://bugzilla.suse.com/1231204

https://bugzilla.suse.com/1231676

https://bugzilla.suse.com/1231862

https://bugzilla.suse.com/1231943

https://bugzilla.suse.com/1231993

https://bugzilla.suse.com/1232637

https://bugzilla.suse.com/1232818

https://bugzilla.suse.com/1232929

https://bugzilla.suse.com/1233019

https://bugzilla.suse.com/1233072

https://bugzilla.suse.com/1233679

https://bugzilla.suse.com/1233680

https://bugzilla.suse.com/1233708

https://bugzilla.suse.com/1233712

https://bugzilla.suse.com/1234847

https://bugzilla.suse.com/1234854

https://bugzilla.suse.com/1234892

https://bugzilla.suse.com/1235005

https://bugzilla.suse.com/1235062

https://bugzilla.suse.com/1235218

https://bugzilla.suse.com/1235231

https://bugzilla.suse.com/1235250

https://bugzilla.suse.com/1235431

https://bugzilla.suse.com/1235921

https://bugzilla.suse.com/1236783

https://bugzilla.suse.com/1237930

https://bugzilla.suse.com/1238324

https://bugzilla.suse.com/1238730

https://bugzilla.suse.com/1238788

https://bugzilla.suse.com/1238790

https://bugzilla.suse.com/1238912

https://bugzilla.suse.com/1238920

https://bugzilla.suse.com/1239077

https://bugzilla.suse.com/1240744

https://bugzilla.suse.com/1240840

https://bugzilla.suse.com/1241331

https://bugzilla.suse.com/1243650

https://bugzilla.suse.com/1245218

https://bugzilla.suse.com/1245350

https://bugzilla.suse.com/1245775

https://bugzilla.suse.com/1245776

https://bugzilla.suse.com/1245793

https://bugzilla.suse.com/1245794

https://bugzilla.suse.com/1245797

https://bugzilla.suse.com/1246001

https://bugzilla.suse.com/1246030

https://bugzilla.suse.com/1246356

https://bugzilla.suse.com/1247315

https://bugzilla.suse.com/1247350

https://bugzilla.suse.com/1247351

https://bugzilla.suse.com/1247499

https://bugzilla.suse.com/1248673

https://bugzilla.suse.com/1248749

https://bugzilla.suse.com/1249207

https://bugzilla.suse.com/1249208

https://bugzilla.suse.com/1249847

https://bugzilla.suse.com/1250302

https://bugzilla.suse.com/1252946

http://www.nessus.org/u?e0fb1096

https://www.suse.com/security/cve/CVE-2022-48956

https://www.suse.com/security/cve/CVE-2022-49014

https://www.suse.com/security/cve/CVE-2022-49053

https://www.suse.com/security/cve/CVE-2022-49080

https://www.suse.com/security/cve/CVE-2022-49179

https://www.suse.com/security/cve/CVE-2022-49465

https://www.suse.com/security/cve/CVE-2022-49545

https://www.suse.com/security/cve/CVE-2022-49563

https://www.suse.com/security/cve/CVE-2022-49564

https://www.suse.com/security/cve/CVE-2022-50252

https://www.suse.com/security/cve/CVE-2022-50386

https://www.suse.com/security/cve/CVE-2024-45016

https://www.suse.com/security/cve/CVE-2024-46818

https://www.suse.com/security/cve/CVE-2024-47674

https://www.suse.com/security/cve/CVE-2024-47684

https://www.suse.com/security/cve/CVE-2024-47706

https://www.suse.com/security/cve/CVE-2024-49860

https://www.suse.com/security/cve/CVE-2024-50115

https://www.suse.com/security/cve/CVE-2024-50125

https://www.suse.com/security/cve/CVE-2024-50154

https://www.suse.com/security/cve/CVE-2024-50264

https://www.suse.com/security/cve/CVE-2024-50279

https://www.suse.com/security/cve/CVE-2024-50301

https://www.suse.com/security/cve/CVE-2024-50302

https://www.suse.com/security/cve/CVE-2024-53104

https://www.suse.com/security/cve/CVE-2024-53146

https://www.suse.com/security/cve/CVE-2024-53156

https://www.suse.com/security/cve/CVE-2024-53168

https://www.suse.com/security/cve/CVE-2024-53173

https://www.suse.com/security/cve/CVE-2024-53214

https://www.suse.com/security/cve/CVE-2024-56600

https://www.suse.com/security/cve/CVE-2024-56601

https://www.suse.com/security/cve/CVE-2024-56605

https://www.suse.com/security/cve/CVE-2024-56650

https://www.suse.com/security/cve/CVE-2024-56664

https://www.suse.com/security/cve/CVE-2024-57893

https://www.suse.com/security/cve/CVE-2024-57996

https://www.suse.com/security/cve/CVE-2024-8805

https://www.suse.com/security/cve/CVE-2025-21702

https://www.suse.com/security/cve/CVE-2025-21772

https://www.suse.com/security/cve/CVE-2025-21791

https://www.suse.com/security/cve/CVE-2025-21971

https://www.suse.com/security/cve/CVE-2025-37752

https://www.suse.com/security/cve/CVE-2025-37797

https://www.suse.com/security/cve/CVE-2025-38000

https://www.suse.com/security/cve/CVE-2025-38079

https://www.suse.com/security/cve/CVE-2025-38083

https://www.suse.com/security/cve/CVE-2025-38177

https://www.suse.com/security/cve/CVE-2025-38181

https://www.suse.com/security/cve/CVE-2025-38212

https://www.suse.com/security/cve/CVE-2025-38477

https://www.suse.com/security/cve/CVE-2025-38494

https://www.suse.com/security/cve/CVE-2025-38495

https://www.suse.com/security/cve/CVE-2025-38498

https://www.suse.com/security/cve/CVE-2025-38499

https://www.suse.com/security/cve/CVE-2025-38617

https://www.suse.com/security/cve/CVE-2025-38618

https://www.suse.com/security/cve/CVE-2025-38644

Plugin Details

Severity: High

ID: 275755

File Name: suse_SU-2025-4123-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/19/2025

Updated: 11/19/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.9

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-8805

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_231-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/18/2025

Vulnerability Publication Date: 9/4/2021

CISA Known Exploited Vulnerability Due Dates: 2/26/2025, 3/25/2025

Reference Information

CVE: CVE-2022-48956, CVE-2022-49014, CVE-2022-49053, CVE-2022-49080, CVE-2022-49179, CVE-2022-49465, CVE-2022-49545, CVE-2022-49563, CVE-2022-49564, CVE-2022-50252, CVE-2022-50386, CVE-2024-45016, CVE-2024-46818, CVE-2024-47674, CVE-2024-47684, CVE-2024-47706, CVE-2024-49860, CVE-2024-50115, CVE-2024-50125, CVE-2024-50154, CVE-2024-50264, CVE-2024-50279, CVE-2024-50301, CVE-2024-50302, CVE-2024-53104, CVE-2024-53146, CVE-2024-53156, CVE-2024-53168, CVE-2024-53173, CVE-2024-53214, CVE-2024-56600, CVE-2024-56601, CVE-2024-56605, CVE-2024-56650, CVE-2024-56664, CVE-2024-57893, CVE-2024-57996, CVE-2024-8805, CVE-2025-21702, CVE-2025-21772, CVE-2025-21791, CVE-2025-21971, CVE-2025-37752, CVE-2025-37797, CVE-2025-38000, CVE-2025-38079, CVE-2025-38083, CVE-2025-38177, CVE-2025-38181, CVE-2025-38212, CVE-2025-38477, CVE-2025-38494, CVE-2025-38495, CVE-2025-38498, CVE-2025-38499, CVE-2025-38617, CVE-2025-38618, CVE-2025-38644

SuSE: SUSE-SU-2025:4123-1