## The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2024-35863: smb: client: fix potential UAF in is_valid_oplock_break() (bsc#1224763).
* CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
* CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
* CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
* CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
* CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
* CVE-2024-57850: jffs2: Prevent rtime decompress memory corruption
* bsc#1224763
* bsc#1234025
* bsc#1234853
* bsc#1234891
* bsc#1234963
* bsc#1235054
* bsc#1235061
* bsc#1235073
* bsc#1235217
* bsc#1235230
* bsc#1235430
* bsc#1235645
* bsc#1235812
* bsc#1235920
Cross-references:
* CVE-2024-35863
* CVE-2024-53104
* CVE-2024-53173
* CVE-2024-53239
* CVE-2024-56539
* CVE-2024-56548
* CVE-2024-56600
* CVE-2024-56601
* CVE-2024-56605
* CVE-2024-56650
* CVE-2024-56759
* CVE-2024-57850
* CVE-2024-57893
CVSS scores:
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53104 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H